Trust Assessment
multi-factor-strategy received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include unpinned dependency installation, installation from a potentially less trusted Git source, and potential command injection via expression evaluation in `quantcli`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential command injection via expression evaluation in `quantcli`.** The skill guides users to define stock selection strategies using YAML files, which include an `expr` field for custom factor definitions (e.g., `expr: "(close - ma(close, 10)) / ma(close, 10)"`). These expressions are evaluated by the `quantcli` tool. If `quantcli` uses an unsafe expression evaluator (e.g., `eval()` without proper sandboxing), a malicious actor could craft an `expr` value that executes arbitrary code on the system where `quantcli` is run. The LLM, if prompted maliciously, could generate such an `expr` value, leading to command injection. The `quantcli` tool should ensure that its expression evaluation engine is securely sandboxed to prevent arbitrary code execution. The skill should ideally warn users about the risks of untrusted input in `expr` fields or recommend using only predefined, safe expressions. | LLM | skill.md:40 |
| MEDIUM | **Unpinned dependency installation.** The skill instructs users to install `quantcli` using `pip install quantcli` without specifying a version. This can lead to installing a malicious or vulnerable version if the package maintainer's account is compromised, or if a new version introduces breaking changes or security flaws. It's a common supply chain risk. Specify a pinned version for `quantcli` (e.g., `pip install quantcli==1.2.3`) or use a `requirements.txt` with pinned versions to ensure reproducible and secure installations. | LLM | skill.md:15 |
| MEDIUM | **Installation from potentially less trusted Git source.** The skill provides an option to install `quantcli` directly from `gitcode.com/datavoid/quantcli.git`. While not inherently malicious, `gitcode.com` is a less common and potentially less scrutinized code hosting platform compared to major platforms like GitHub or GitLab. Relying on less common sources increases supply chain risk, as the repository could be compromised or host malicious code without widespread detection. Recommend installing only from PyPI (with a pinned version) or from a well-established and trusted source. If installing from source is necessary, provide instructions for verifying the integrity of the cloned repository (e.g., checking GPG signatures if available). | LLM | skill.md:18 |