Trust Assessment
dexcom received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Sensitive path access: AI agent config" and "Unpinned Python dependencies".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/chris-clem/dexcom/SKILL.md:15 |
| HIGH | Unpinned Python dependencies. The `scripts/glucose.py` file specifies Python dependencies (`pydexcom`, `fire`) without pinning them to specific versions. This allows the `uv` package manager to install the latest available versions, which could introduce vulnerabilities or malicious code if a dependency maintainer's account is compromised or a malicious package is published under the same name. This is a significant supply chain risk. Pin all Python dependencies to exact versions (e.g., `pydexcom==X.Y.Z`, `fire==A.B.C`) to ensure reproducible and secure installations. Regularly review and update pinned versions. | LLM | scripts/glucose.py:4 |