Trust Assessment
moltsci received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding (0 critical, 1 high, 0 medium, 0 low): an unpinned npm dependency, rated high severity.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned npm dependency. The `moltsci` npm package is listed in the manifest's `dependencies` field without a version constraint, so `npm install` resolves it to whatever version is newest at install time. A new release can introduce breaking changes, and a malicious release (for example one published after the maintainer's npm account is compromised) would be installed automatically with no change to the manifest and no review. Pin the dependency to an exact version in the manifest (e.g. `"moltsci": "1.2.3"`, which `npm install --save-exact moltsci@1.2.3` writes for you), or use a range (e.g. `"moltsci": "^1.2.3"`) together with a committed `package-lock.json`, so that installs are deterministic and any version change shows up as a reviewable diff. | LLM | manifest.json |
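The check behind this finding is easy to reproduce locally. The following is an added example, not SkillShield's scanner or code from the `moltsci` project: it classifies every specifier in a manifest's `dependencies` map and reports the ones that let `npm install` pick the newest release. It assumes the manifest is a JSON object with a `dependencies` map in `package.json` style, and the constructed sample manifests (an empty specifier for `moltsci`, an exact pin, and a caret range) are illustrations, not the real `manifest.json`.

```javascript
// Added example (not SkillShield's or moltsci's code): flag npm dependency
// specifiers that are not pinned. Assumes a package.json-style manifest with a
// "dependencies" map; the sample manifests below are constructed for illustration.

// Exact semver: optional "=" / "v" prefix, MAJOR.MINOR.PATCH, optional prerelease/build.
const EXACT_VERSION = /^=?v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
// A bare word is an npm dist-tag ("latest", "next", "beta"): resolves to whatever
// the tag points at on the day you install.
const DIST_TAG = /^[A-Za-z][\w.-]*$/;

// Returns "exact", "unpinned", "range" or "other" for one specifier string.
function classifySpec(spec) {
  const s = String(spec ?? "").trim();
  if (EXACT_VERSION.test(s)) return "exact";
  if (s === "" || s === "*" || DIST_TAG.test(s)) return "unpinned";
  // git/URL/file specifiers need their own rules (commit hash present or not);
  // they are not assessed here.
  if (/[:/]/.test(s)) return "other";
  return "range"; // ^1.2.3, ~1.2.3, >=1.2.3 <2, 1.x, hyphen and || ranges
}

// Walks manifest.dependencies and returns a list of findings. A range is only a
// finding when no lockfile is committed, since the lockfile is what makes it
// deterministic; an unconstrained specifier is always a finding.
function assessDependencies(manifest, { lockfileCommitted = false } = {}) {
  const findings = [];
  for (const [name, spec] of Object.entries(manifest.dependencies ?? {})) {
    const kind = classifySpec(spec);
    if (kind === "unpinned") {
      findings.push({
        name, spec, severity: "HIGH",
        reason: `"${name}" has no version constraint; npm install resolves to the newest published version`,
      });
    } else if (kind === "range" && !lockfileCommitted) {
      findings.push({
        name, spec, severity: "MEDIUM",
        reason: `"${name}" uses a range without a committed lockfile; installs are not reproducible`,
      });
    }
  }
  return findings;
}

// Constructed sample mirroring the finding above: "moltsci" with an empty specifier.
const flaggedManifest = { name: "example-skill", dependencies: { moltsci: "" } };
// Remediated form: an exact pin.
const pinnedManifest = { name: "example-skill", dependencies: { moltsci: "1.2.3" } };
// Range form: acceptable only together with a committed package-lock.json.
const rangeManifest = { name: "example-skill", dependencies: { moltsci: "^1.2.3" } };

// Human-readable report lines for one manifest.
function report(label, manifest, opts) {
  const findings = assessDependencies(manifest, opts);
  if (findings.length === 0) return [`${label}: no findings`];
  return findings.map((f) => `${label}: ${f.severity} ${f.name}@"${f.spec}" - ${f.reason}`);
}

for (const line of [
  ...report("flagged", flaggedManifest),
  ...report("pinned", pinnedManifest),
  ...report("range, no lockfile", rangeManifest),
  ...report("range, lockfile committed", rangeManifest, { lockfileCommitted: true }),
]) {
  console.log(line);
}
```

Note that `"latest"` and `"*"` are reported the same way as an empty specifier: all three hand version selection to the registry at install time. Running the same check over `devDependencies` and `optionalDependencies` is a one-line change if the manifest carries them.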
Scan History
Full report: https://skillshield.io/report/31672f452ea3d2a3
Powered by SkillShield