Trust Assessment
self-taught-ml-career-path received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Unnecessary executable script in skill package.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Unnecessary executable script in skill package The skill package, described in its manifest as a 'discussion' skill, includes an executable Python script (`scripts/example.py`). While the current script is a benign placeholder, its presence indicates a capability for arbitrary code execution that appears excessive for the skill's stated purpose. The script's `TODO` comment explicitly suggests adding logic for 'data processing, file conversion, API calls, etc.', which could introduce security risks if not properly sandboxed or if the script were to be replaced with malicious code. If the AI agent automatically executes scripts within skill packages, this represents an unnecessary attack surface. Remove `scripts/example.py` if code execution is not strictly essential for the skill's core 'discussion' functionality. If code execution is genuinely required, ensure strict sandboxing, input validation, and least privilege principles are applied to any executed code. | LLM | scripts/example.py:10 |
Scan History
Embed Code
[](https://skillshield.io/report/9a6a4294647da08f)
Powered by SkillShield