Trust Assessment
dev-slides received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 0 medium, and 1 low severity. Key findings include Excessive and broad tool permissions declared, Unpinned dependency in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Excessive and broad tool permissions declared The skill manifest declares highly privileged tools: `computer`, `code_execution`, and `file_operations`. These tools grant the skill the ability to execute arbitrary code, interact with the underlying operating system, and perform extensive file system operations (read, write, delete). While the skill's description mentions 'code execution' as a core feature, the combination of these broad permissions creates a significant attack surface for command injection, data exfiltration, and system compromise if the skill is exploited or misused by a malicious prompt or an untrusted user. Review and restrict tool permissions to the absolute minimum required for the skill's intended functionality. If code execution is necessary, ensure it operates within a strictly sandboxed environment with minimal privileges and network access. Consider if `computer` and `file_operations` are truly essential beyond what `code_execution` might implicitly cover in a sandboxed manner, or if more granular permissions can be used. | LLM | SKILL.md | |
| LOW | Unpinned dependency in installation instructions The recommended installation command `npm init slidev@latest` uses the `@latest` tag, which does not pin the dependency to a specific version. This can lead to non-deterministic installations, where future versions of `slidev` might introduce breaking changes, vulnerabilities, or unexpected behavior. While this is a user instruction and not code executed by the skill itself, it's a best practice to recommend specific, pinned versions for reproducibility and security. Recommend pinning the `slidev` version in the installation instructions (e.g., `npm init slidev@1.2.3`) to ensure deterministic and secure installations. Regularly update the pinned version to benefit from security patches and new features. | LLM | SKILL.md:129 |
Scan History
Embed Code
[](https://skillshield.io/report/c358724a0d404ce2)
Powered by SkillShield