Trust Assessment
csfloat received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Incorrect variable used in Authorization header example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Incorrect variable used in Authorization header example The example command for 'Create a listing' incorrectly uses `$LISTING_ID` in the `Authorization` header instead of the required `$CSFLOAT_API_KEY`. This demonstrates a misunderstanding of how API keys should be passed and could lead to credential exposure if a sensitive variable were mistakenly placed in this header, or if the user were to put their API key into `$LISTING_ID`. Replace `$LISTING_ID` with `$CSFLOAT_API_KEY` in the `Authorization` header for the 'Create a listing' example. Ensure all examples correctly demonstrate the use of sensitive credentials. | LLM | SKILL.md:31 |
Scan History
Embed Code
[](https://skillshield.io/report/7978ce5c95f567bb)
Powered by SkillShield