Trust Assessment
domaindetails received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned external dependency recommended.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned external dependency recommended The skill's documentation recommends using `npx domaindetails example.com` for an optional CLI. `npx` fetches and executes an npm package. Without a specific version pinned (e.g., `domaindetails@1.2.3`), this command will always fetch the latest version. This introduces a supply chain risk, as the `domaindetails` package could be compromised, typosquatted, or introduce vulnerabilities in future updates, potentially leading to arbitrary code execution on the system where it's run. If this CLI is intended for users, advise them to pin the package to a specific, audited version (e.g., `npx domaindetails@1.0.0 example.com`). If the skill itself were to execute this, it should specify a pinned version in its dependencies or use a more controlled execution method. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/c1d5ded45e0428bc)
Powered by SkillShield