Trust Assessment
regex-writer received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is an unpinned external tool dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned external tool dependency. The skill's documentation recommends using the `npx ai-regex` command. `npx` by default fetches and executes the latest version of the `ai-regex` package from npm. Without a pinned version, there's a risk that a future malicious or vulnerable version of `ai-regex` could be published and subsequently executed, leading to a supply chain compromise for the user. Specify a version for the `ai-regex` package in the documentation (e.g., `npx ai-regex@1.2.3`) to ensure consistent and secure execution, or provide guidance on how users can verify the package's integrity. | LLM | SKILL.md:10 |