Trust Assessment
jb-interact-ui received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned JavaScript Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned JavaScript Dependency The skill templates import JavaScript libraries (`viem`, `viem/chains`) from `https://esm.sh/` without specifying a version. This means the templates will always fetch the latest version available on `esm.sh`. If a new, incompatible, or malicious version of `viem` is published, or if `esm.sh` is compromised, the generated UIs could break or become vulnerable. It is best practice to pin dependencies to specific versions (e.g., `https://esm.sh/viem@1.19.1`) to ensure stability and security. Pin all external JavaScript dependencies to specific versions. For `esm.sh`, this typically means appending `@<version>` to the package name (e.g., `https://esm.sh/viem@1.19.1`). This should be applied to all `esm.sh` imports across the templates. | LLM | SKILL.md:80 |
Scan History
Embed Code
[](https://skillshield.io/report/ebd809a24d6f2b20)
Powered by SkillShield