Trust Assessment
review-summarizer received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Dangerous call: __import__().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/michael-laffin/review-summarizer/scripts/compare_reviews.py:64 | |
| HIGH | Dangerous call: __import__() Call to '__import__()' detected in function 'format_comparison_markdown'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/michael-laffin/review-summarizer/scripts/compare_reviews.py:64 |
Scan History
Embed Code
[](https://skillshield.io/report/11be57f1bf07d22f)
Powered by SkillShield