Trust Assessment
domain-checker received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Potential Credential Exposure in Example API Call.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Potential Credential Exposure in Example API Call The skill provides an example `curl` command that includes a placeholder for an API key (`YOUR_KEY`) directly in the command line arguments. If the LLM replaces this placeholder with a real API key, the key could be exposed in system logs, process lists (`ps`), or shell history, leading to unauthorized access if compromised. While this is a placeholder, it demonstrates a pattern that could lead to credential exposure when used by an AI agent. Instruct the LLM to use environment variables (e.g., `$RAPIDAPI_KEY`) or a secure credential management system instead of hardcoding or directly embedding API keys in command line arguments. Update the example to reflect this secure practice. | LLM | SKILL.md:80 |
Scan History
Embed Code
[](https://skillshield.io/report/196a6b2a9e88c2d2)
Powered by SkillShield