Trust Assessment
emily-radix-assistant received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned Dependency in Skill Manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Dependency in Skill Manifest The skill manifest specifies the 'mcporter' npm package without a version constraint. This means that 'npm' will install the latest available version of 'mcporter' at the time of installation. If a malicious or vulnerable version of 'mcporter' is published, it could be automatically installed, leading to supply chain attacks, arbitrary code execution, or other security compromises. It is best practice to pin dependencies to specific versions or use strict version ranges to ensure deterministic and secure installations. Pin the 'mcporter' npm package to a specific, known-good version (e.g., 'mcporter@1.2.3') or a strict version range (e.g., 'mcporter@^1.0.0') in the skill manifest's 'install' section. Regularly review and update pinned dependencies. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/2d0f709aeb5a692b)
Powered by SkillShield