Trust Assessment
localstorage-poc received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "Skill describes SVG XSS for localStorage/Auth Token Access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Skill describes SVG XSS for localStorage/Auth Token Access. The skill's description explicitly states its purpose is to demonstrate that SVG files can access `localStorage`, including authentication tokens, via an SVG XSS vulnerability. It instructs users to open `icon.svg` to view the Proof of Concept. This indicates a clear intent to perform credential harvesting and data exfiltration, as authentication tokens are sensitive credentials. Remove or sanitize any SVG files (e.g., `icon.svg`) that attempt to access `localStorage` or sensitive user data. Implement strict Content Security Policies (CSPs) to prevent SVG-based XSS and restrict access to `localStorage` from untrusted origins. Review the `icon.svg` file for malicious JavaScript or other exploit code. | LLM | SKILL.md:5 |