Trust Assessment
gas-tracker received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Untrusted Script Execution During Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Untrusted Script Execution During Installation. The skill's manifest uses `curl \| bash` to install Foundry. This method executes a remote script directly, which can pose a supply chain risk if the remote source is compromised. While `foundry.paradigm.xyz` is the official source for Foundry, this pattern is generally discouraged for security-sensitive installations. Prefer installing dependencies via package managers (e.g., apt, brew, pip) or by downloading and verifying binaries/scripts before execution. If `curl \| bash` is unavoidable, ensure the URL is pinned to a specific version or hash, and consider auditing the script content. | LLM | Manifest |