Trust Assessment
mamo received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings: "Unpinned npm dependency version" and "Unpinned Dependencies in package.json".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned npm dependency version: Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/anajuliabit/mamo/package.json |
| INFO | Unpinned Dependencies in package.json: The `package.json` file uses caret (^) ranges for dependencies, such as `commander: ^12.1.0` and `dotenv: ^16.4.5`. While `package-lock.json` pins exact versions, using caret ranges in `package.json` allows automatic updates to new minor or patch versions. This could introduce new vulnerabilities if a dependency releases a malicious update within the allowed range. For higher security, consider exact version pinning (e.g., `"commander": "12.1.0"`) or tilde (~) ranges in `package.json` to prevent unexpected updates. Regularly audit dependencies for known vulnerabilities. | LLM | package.json:28 |