Trust Assessment
security-sentinel received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 0 medium, and 2 low severity. The key findings are "Node lockfile missing" and "Security scanner skips .env files, potentially missing secrets".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Node lockfile missing: `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/autogame-17/security-sentinel/package.json |
| LOW | Security scanner skips .env files, potentially missing secrets: The `recursiveScan` function explicitly skips files ending with `.env` (`if (file.endsWith('.env')) continue;`). This prevents the security scanner from detecting secrets or sensitive configurations stored in environment files, which are a common location for such data. This creates a blind spot in the security audit. Remove `|| file.endsWith('.env')` from the skip condition to allow the scanner to analyze `.env` files for potential secrets. Ensure that the `secretPatterns` are robust enough to detect common patterns in `.env` files. | LLM | index.js:49 |