Trust Assessment
The skill "security" received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive 'Bash' tool permission declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive 'Bash' tool permission declared. The skill declares 'Bash' as an allowed tool in its manifest. The 'Bash' tool grants the AI agent the ability to execute arbitrary shell commands on the host system. While potentially useful for a security analysis skill, this permission is highly privileged and significantly increases the attack surface for command injection, data exfiltration, or system compromise if the skill is exploited or misused. It should only be granted if absolutely essential and with strict input validation and sandboxing. Remediation: Review if the 'Bash' tool is strictly necessary for the skill's intended functionality. If not, remove it. If essential, implement robust input validation for any user-provided data passed to Bash commands and ensure the execution environment is properly sandboxed with minimal privileges. Consider using more specific, less powerful tools if possible. | LLM | Manifest (frontmatter JSON):1 |