Trust Assessment
riddle received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned dependency in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned dependency in installation instructions.** The skill instructs the user to install the `@riddledc/openclaw-riddledc` plugin using `openclaw plugins install @riddledc/openclaw-riddledc` without specifying a version. This can lead to the automatic installation of a potentially malicious or breaking update if the package maintainer's account is compromised or a malicious package is published under the same name. While the skill mentions npm provenance and checksums, the direct installation instruction does not leverage version pinning. Pin the dependency to a specific version (e.g., `openclaw plugins install @riddledc/openclaw-riddledc@1.0.0`) or use a version range with a lower bound to ensure predictable and secure installations. | LLM | SKILL.md:39 |