Trust Assessment
listonic received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Suspicious import: urllib.request, Hardcoded API Client Secret.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jeremymahieu/listonic/scripts/listonic.py:21 | |
| LOW | Hardcoded API Client Secret The `DEFAULT_CLIENT_SECRET` for the Listonic API is hardcoded directly in the `listonic.py` script. While this is for an unofficial, reverse-engineered API and might be publicly known, hardcoding secrets is generally discouraged as it exposes sensitive information in the codebase, makes secret rotation difficult, and could potentially be misused if the secret gains unexpected value. Best practice is to load secrets from secure configuration or environment variables. Store API client secrets securely, for example, in environment variables, a dedicated secrets management system, or ensure they are loaded from the `config.json` if they are user-provided. If this secret is truly public and non-sensitive, consider documenting that fact. | LLM | scripts/listonic.py:31 |
Scan History
Embed Code
[](https://skillshield.io/report/31246cf8152ae513)
Powered by SkillShield