Trust Assessment
drift received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is unpinned external dependencies (GitHub main branch).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned external dependencies (GitHub main branch): The skill references external GitHub repositories and websites using unversioned links (e.g., pointing to the 'main' branch). This means the content at these URLs can change at any time without the skill package being updated or re-audited. A malicious actor gaining control of the 'ClawdEFS/drift' repository or any of the linked websites could inject harmful instructions, code, or data into the resources that the AI agent is directed to use, potentially leading to prompt injection, command injection, or data exfiltration if the agent processes the external content. Pin external dependencies to specific commits, tags, or versions where possible. For GitHub links, replace 'main' with a specific commit hash or release tag. For websites, regular monitoring or content hashing could be considered if the content is critical. | LLM | SKILL.md:19 |