Trust Assessment
qianfan-knowledgebase-search received a trust score of 91/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include "Suspicious import: requests" and "Sensitive user query logged to stdout".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/hannatao/qianfan-knowledgebase-search/search.py:8 |
| LOW | Sensitive user query logged to stdout. The skill logs the full parsed request body, including the user's search query, to standard output. If the query contains sensitive information (e.g., PII, confidential terms), this could lead to unintended exposure in system logs or to downstream processes that capture stdout. While not direct exfiltration to an unauthorized third party, it represents a potential information leak. Remove or redact sensitive fields from logging statements. For example, log only non-sensitive parts of the request body, or mask/hash the query content if logging is necessary for debugging purposes. | LLM | search.py:33 |