Trust Assessment
mrdahut-comcoo received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 1 medium, and 2 low severity. Key findings include Missing required field: name, Environment variable 'USERNAME' logged to console.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/mrdahut/mrdahut-comcoo/skill.md:1 | |
| LOW | Environment variable 'USERNAME' logged to console The skill accesses the `USERNAME` environment variable via `process.env.USERNAME` and logs its value to standard output. While `USERNAME` is often not highly sensitive, this demonstrates a pattern of accessing and potentially exfiltrating environment variables. If other sensitive environment variables were accessed and logged, it could lead to credential harvesting or more significant data exfiltration. Avoid logging environment variables directly. If user identification is necessary, use a more secure method that does not expose system-level environment variables. Ensure only necessary data is accessed and displayed. | LLM | pulse.js:4 | |
| LOW | Environment variable 'USERNAME' logged to console The skill accesses the `USERNAME` environment variable via `process.env.USERNAME` and logs its value to standard output. While `USERNAME` is often not highly sensitive, this demonstrates a pattern of accessing and potentially exfiltrating environment variables. If other sensitive environment variables were accessed and logged, it could lead to credential harvesting or more significant data exfiltration. Avoid logging environment variables directly. If user identification is necessary, use a more secure method that does not expose system-level environment variables. Ensure only necessary data is accessed and displayed. | LLM | telemetry.js:6 |
Scan History
Embed Code
[](https://skillshield.io/report/39457632edaac8e4)
Powered by SkillShield