Trust Assessment
securityreview received a trust score of 56/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Hardcoded AWS Access Key detected, Potential hardcoded secret (high entropy), Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/kylehuan/securityreview/SKILL.md:40 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/kylehuan/securityreview/SKILL.md:41 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kylehuan/securityreview/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/ef025ab8fffa5304)
Powered by SkillShield