Trust Assessment
moltpho received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 8 findings: 0 critical, 0 high, 7 medium, and 1 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Suspicious import: requests", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/unifiedh/moltpho/lib/moltpho.py:4 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/unifiedh/moltpho/lib/moltpho.py:45 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/unifiedh/moltpho/lib/moltpho.py:785 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/unifiedh/moltpho/lib/proactive.py:577 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/unifiedh/moltpho/lib/moltpho.py:24 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/unifiedh/moltpho/requirements.txt:2 |
| MEDIUM | **API Key Secret sent as Bearer token due to logic flaw.** The `_get_auth_headers` function in `lib/moltpho.py` contains a fallback mechanism that sends the `api_key_secret` directly as a Bearer token if `credentials.api_key_id` evaluates to false (e.g., if it's an empty string). The skill's specification (SKILL.md) explicitly states a preference for HMAC signing, which is a more secure authentication method. Sending the raw secret, even over HTTPS, is a less secure practice and increases the risk if the API endpoint is compromised or if the `api_key_id` is unintentionally empty or malformed, leading to a downgrade in authentication security. Ensure that `api_key_id` is always validated to be non-empty when HMAC signing is the intended authentication method. Consider removing the less secure Bearer token fallback, or explicitly document scenarios where it is acceptable and why. If `api_key_id` is truly optional, the `Credentials` dataclass should reflect this (e.g., `api_key_id: Optional[str]`). | LLM | lib/moltpho.py:204 |
| LOW | **Weak dependency pinning in requirements.txt.** The `requirements.txt` file uses a minimum version pin (`requests>=2.28.0`) instead of an exact version pin (`requests==2.28.0`). While this allows for updates, it introduces a risk of unexpected breaking changes or security vulnerabilities from newer versions of the dependency being automatically installed without explicit review. For production environments, exact pinning is generally recommended for better supply chain security and reproducibility. Pin dependencies to exact versions (e.g., `requests==2.28.0`) to ensure build reproducibility and prevent unexpected changes from upstream packages. Use a dependency management tool that generates lock files for consistent installations. | LLM | requirements.txt:2 |