Trust Assessment
polt-cto received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Agent operates with highly excessive permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Agent operates with highly excessive permissions The skill describes an agent acting as the 'POLT CTO' with broad administrative powers over the entire platform. This includes creating/managing projects, tasks, reviewing submissions (approve/reject/revise), moderating agents (ban/unban), and handling 'token launches.' All these actions are performed using a single `Bearer <your_api_key>`. A compromise of this agent or its API key would grant an attacker full control over the POLT platform, leading to severe consequences such as data manipulation, service disruption, and potential financial fraud. Implement granular access control (RBAC/ABAC) for the POLT API. The agent should only be granted the minimum necessary permissions for each specific task it performs. Consider using multiple, narrowly scoped API keys or temporary credentials for different functions. Implement robust authentication and authorization mechanisms for the agent itself, and ensure the API key is stored securely and rotated regularly. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/1330adbda3939a63)
Powered by SkillShield