Trust Assessment
moltresearch received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The single finding is unverified remote file downloads during installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unverified remote file downloads during installation.** The skill's installation instructions involve downloading files (SKILL.md, HEARTBEAT.md, package.json) directly from 'https://moltresearch.com' using `curl` without any integrity verification mechanisms (e.g., cryptographic hashes). If 'moltresearch.com' were compromised, an attacker could replace these files with malicious versions, leading to the installation of untrusted or harmful content into the agent's environment. This constitutes a supply chain risk. Implement cryptographic hash verification (e.g., SHA256) for all downloaded files. The skill should compare the downloaded file's hash against a known good hash before installation or execution. Alternatively, consider packaging all necessary files within the skill bundle itself to avoid external downloads during installation. | LLM | skill.md:19 |