Trust Assessment
instantdb received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Unpinned dependencies in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants broad administrative access to InstantDB The skill is designed to perform 'admin operations' and is initialized with an `INSTANTDB_ADMIN_TOKEN`, granting full administrative access to the connected InstantDB instance. It exposes methods for querying, creating, updating, deleting, linking, unlinking entities, and executing arbitrary transactions. If an LLM is compromised via prompt injection, it could be instructed to perform highly destructive operations (e.g., mass deletion, schema modification) or exfiltrate sensitive data from the database without further authorization checks within the skill. All data retrieved via queries is output to stdout, making it accessible to the LLM. 1. **Least Privilege**: Configure the `INSTANTDB_ADMIN_TOKEN` with the absolute minimum necessary permissions for the LLM's intended tasks. If InstantDB supports granular roles, create a role with restricted scope. 2. **Input Validation/Sanitization**: Implement additional validation or sanitization within the skill or the LLM's orchestration layer to restrict the types of queries or mutations that can be performed, especially for sensitive namespaces or operations. 3. **Human-in-the-Loop**: For critical operations (e.g., mass deletion, schema changes), require human approval before execution. 4. **Output Filtering**: If sensitive data is not intended to be exposed to the LLM, filter or redact it before logging to stdout. | LLM | scripts/instantdb.js:13 | |
| MEDIUM | Unpinned npm dependency version Dependency '@instantdb/admin' is not pinned to an exact version ('^0.14.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/ubyjerome/instantdb/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/ubyjerome/instantdb/package.json | |
| LOW | Unpinned dependencies in package.json The `package.json` file specifies dependencies using caret (`^`) ranges for `@instantdb/admin` and `ws`. This allows minor and patch version updates, which can lead to non-deterministic builds and potentially introduce vulnerabilities or breaking changes if a new version of a dependency contains malicious code or unexpected behavior. It is best practice to pin dependencies to exact versions for production environments. Pin dependencies to exact versions (e.g., `"@instantdb/admin": "0.14.0"`, `"ws": "8.18.0"`) to ensure deterministic builds and prevent unexpected updates. Consider using a lock file (like `package-lock.json`) and regularly auditing dependencies. | LLM | package.json:10 |
Scan History
Embed Code
[](https://skillshield.io/report/0eb1bb8b1b09f256)
Powered by SkillShield