Trust Assessment
database-optimizer received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Excessive permissions declared in manifest".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive permissions declared in manifest. The skill's manifest declares a broad set of permissions, including 'Bash', 'Write', and 'Edit'. While the skill's description focuses on database optimization and analysis, these permissions grant the ability to execute arbitrary shell commands, modify files, and potentially exfiltrate data. This significantly increases the attack surface and risk, as a compromised skill or malicious input could leverage these powerful capabilities for unintended actions, even if the current skill instructions do not explicitly use them. Review and restrict the 'allowed-tools' in the manifest to the absolute minimum necessary for the skill's intended function. For a database optimizer, 'Read' and 'Grep' might be sufficient for analysis. 'Bash', 'Write', and 'Edit' should be removed unless critically justified, and if so, specific commands or file paths should be whitelisted to limit their scope. | LLM | SKILL.md:1 |