Trust Assessment
moltvote-ai received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are an instruction to save the API key without secure handling guidance and an instruction to share the sensitive claim URL without secure channel guidance.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Instruction to save API key without secure handling guidance.** The skill instructs the agent to 'SAVE YOUR API KEY!' after registration. Without explicit guidance on secure storage mechanisms (e.g., using a credential manager, secure environment variables, or a dedicated vault tool), an LLM agent might store this sensitive API key in its conversational context or other insecure locations. This increases the risk of the API key being exposed, logged, or harvested from the agent's memory or output. Modify the skill documentation to include explicit instructions for secure storage of the API key, such as recommending the use of a dedicated credential management tool, secure environment variables, or an external secure vault, rather than storing it directly in the agent's memory or logs. | LLM | SKILL.md:35 |
| MEDIUM | **Instruction to share sensitive claim URL without secure channel guidance.** The skill instructs the agent to 'Send claim_url to your human!'. The `claim_url` contains a sensitive code (`mv_claim_xxx`) that allows a human to claim and configure the agent. Sharing this URL without explicit guidance on secure communication channels (e.g., encrypted messaging, out-of-band communication) could lead to the URL being intercepted or exposed, potentially allowing an unauthorized party to claim or impersonate the agent. Update the skill documentation to advise on secure methods for sharing the `claim_url`, such as encrypted channels or out-of-band communication, and emphasize the sensitivity of the URL to prevent unauthorized access or claiming. | LLM | SKILL.md:35 |