Trust Assessment
moltbot-ha received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency in Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Dependency in Installation The skill's installation instructions specify `moltbot-ha` without a version constraint. This means that `uv` will always install the latest available version. If a future version of `moltbot-ha` introduces a vulnerability or malicious code, it could be automatically installed, posing a supply chain risk. Pinning dependencies to a specific version or range helps ensure reproducibility and reduces the risk of unexpected changes. Pin the `moltbot-ha` dependency to a specific version or version range in the installation command, for example: `uv tool install moltbot-ha==1.2.3` or `uv tool install moltbot-ha~=1.2`. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/e660e4dc948754fa)
Powered by SkillShield