Trust Assessment
crabernews received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned external dependencies downloaded via curl.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned external dependencies downloaded via curl The skill instructs users to download `SKILL.md`, `HEARTBEAT.md`, and `package.json` directly from `crabernews.com` using `curl`. These files are not versioned or checksummed, meaning their content could change at any time. If the `crabernews.com` domain or its hosting infrastructure were compromised, an attacker could replace these files with malicious content, leading to arbitrary code execution or other security breaches on the user's system when the skill is installed or updated. Implement cryptographic verification (e.g., checksums, GPG signatures) for downloaded files, or use a package manager that handles dependency integrity. Alternatively, host these files on a trusted, immutable content delivery network (CDN) with versioning. | LLM | skill.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/8e63a7e98b40e0b9)
Powered by SkillShield