Trust Assessment
firmenbuchat received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Git dependency in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Git dependency in installation instructions: the 'uv' installation method specifies a direct Git repository URL ('git+https://github.com/pasogott/firmenbuch-aip.git') without pinning to a specific commit hash or tag. Future installations or updates could therefore fetch different code if the upstream repository changes, introducing non-determinism and, if the repository is compromised, a path for malicious code injection. Recommendation: pin the Git dependency to a specific commit hash or tag (e.g., 'git+https://github.com/pasogott/firmenbuch-aip.git@v0.2.3' or '@<commit_hash>') so that installations are deterministic and immutable. | LLM | skill.md |
Scan History
Full report: [skillshield.io/report/03fb559f33d95d52](https://skillshield.io/report/03fb559f33d95d52)