Trust Assessment
netlify received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill requires broad Netlify API access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill requires broad Netlify API access The skill's manifest declares a requirement for the `NETLIFY_AUTH_TOKEN` environment variable. This token typically grants broad administrative access to a user's Netlify account, including the ability to manage sites, deploys, and functions. While this level of access may be necessary for the skill's stated purpose ('Manage Netlify sites, deploys, and functions via API'), it represents a significant permission scope. Any compromise or malicious implementation of the skill could leverage this powerful credential for unauthorized actions or data exfiltration on the user's Netlify account. Users should be aware of the extensive permissions granted by this token. Ensure the skill's implementation strictly adheres to the principle of least privilege. If possible, consider using Netlify deploy keys or scoped API tokens with more granular permissions if the skill's functionality does not require full administrative access. Users should be explicitly informed about the broad permissions required by this skill. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4dfd70905fa857df)
Powered by SkillShield