Trust Assessment
dual-stream-architecture received a trust score of 97/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. The finding is an unpinned dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned dependency in installation instructions. The installation command `npx clawhub@latest` uses an unpinned version (`@latest`) of the `clawhub` tool. This introduces a supply chain risk, as a future, potentially malicious, version of `clawhub` could be published under the `latest` tag, leading to unintended code execution or compromise on the user's system during skill installation. While this does not directly affect the AI agent's runtime, it impacts the integrity of the skill's deployment. Pin the `clawhub` dependency to a specific, known-good version (e.g., `npx clawhub@1.2.3 install dual-stream-architecture`) to ensure consistent and secure installations. | LLM | SKILL.md:11 |