Trust Assessment
pod-cog received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is the unpinned dependency 'cellcog'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned dependency 'cellcog': The skill manifest declares a dependency on 'cellcog' without specifying a version. This means that any future updates to the 'cellcog' skill, including potentially malicious or vulnerable changes, would be automatically pulled and used by 'pod-cog' without explicit review or version control. This introduces a significant supply chain risk, as the behavior of 'pod-cog' could change unexpectedly or maliciously if 'cellcog' is compromised or updated with breaking changes. Remediation: Pin the 'cellcog' dependency to a specific, known-good version (e.g., "cellcog@1.2.3") in the skill manifest to ensure deterministic builds and prevent unexpected or malicious updates. Regularly review and manually update pinned dependencies after verifying their integrity and compatibility. | LLM | SKILL.md:1 |