Trust Assessment
cron-writer received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned external dependency execution via npx, Instruction to execute external shell command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned external dependency execution via npx The skill's documentation instructs users/agents to execute an external Node.js package `ai-cron-gen` using `npx`. The command `npx ai-cron-gen` does not specify a version, meaning it will always fetch and execute the latest version from the npm registry. This introduces a significant supply chain risk, as a malicious update to the `ai-cron-gen` package could lead to arbitrary code execution on the system running the command without explicit user or agent consent for the new version. Specify a fixed, trusted version for the `ai-cron-gen` package (e.g., `npx ai-cron-gen@1.2.3 "..."`) to ensure consistent and secure execution. Alternatively, consider bundling the dependency directly within the skill or providing a more controlled execution mechanism. | LLM | SKILL.md:20 | |
| MEDIUM | Instruction to execute external shell command The skill's documentation explicitly instructs users/agents to execute an external program `ai-cron-gen` via `npx` in a shell environment. If an AI agent is configured to interpret and execute such instructions directly from skill documentation, this constitutes a command injection vector. While the skill itself does not contain executable code, it directs the execution of external commands, which could be exploited if the external tool or its arguments are malicious or vulnerable to injection. Avoid instructing direct shell command execution within skill documentation intended for AI agents. If external tools are necessary, consider wrapping them in a controlled execution environment, providing a dedicated tool interface, or requiring explicit user confirmation before execution. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/8ca9c613df745072)
Powered by SkillShield