Trust Assessment
nosi received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill requires and handles user API key".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill requires and handles user API key. The skill's workflow explicitly states it will 'Get the API key from user' and use it in an 'X-API-Key' header for publishing. This means the LLM will be responsible for handling a sensitive credential. Without explicit secure handling mechanisms (e.g., ephemeral use, secure storage, redaction from logs), there is a significant risk of credential harvesting if the LLM's context or logs are compromised. Recommendation: Implement robust secure credential handling practices for the LLM. Ensure API keys are never logged, are held only ephemerally, and are redacted from any output or internal state that could be exposed. Consider using a secure secrets management system if the LLM environment supports it, rather than directly prompting the user for the key each time. | LLM | skill.md:29 |