Trust Assessment
semantic-search-cwicr received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 2 medium, 1 low, and 1 informational. Key findings: Missing required field: name; Unpinned Python dependencies; External data download lacks integrity verification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Python dependencies. The `pip install` command specifies Python packages (`qdrant-client`, `openai`, `pandas`) without version pinning. This leads to non-deterministic builds and can pull in vulnerable versions or breaking changes when a newer release introduces incompatibilities or security regressions. It is also a supply-chain risk: a malicious release of any unpinned dependency would be installed automatically. Pin every dependency to a specific version (e.g., `qdrant-client==1.8.0 openai==1.14.0 pandas==2.2.1`); for an install that is reproducible and also resists a tampered re-upload of the pinned version, add `--hash` entries and install with `pip install --require-hashes`. | LLM | SKILL.md:40 |
| HIGH | External data download lacks integrity verification. The skill instructs users to download a Qdrant snapshot from a GitHub release with `wget`, and no checksum (e.g., SHA-256) is provided to verify the downloaded file. A compromised GitHub account or release process could substitute a malicious or corrupted snapshot, a supply-chain risk. Publish a SHA-256 hash for `qdrant_snapshot_en.tar.gz` and instruct users to verify it before extracting the archive. The hash should live somewhere other than the release assets themselves (e.g., in the repository README), since a hash uploaded next to the artifact is replaced in the same compromise; a release signature (e.g., Sigstore) is stronger still. | LLM | SKILL.md:45 |
| MEDIUM | Missing required field: name. The `name` field is required in the frontmatter of `claude_code` skills but is absent. Add a `name` field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/semantic-search-cwicr/SKILL.md:1 |
| MEDIUM | User queries sent to external OpenAI API. The `get_embedding` method sends user-provided search text to the OpenAI API (`openai.embeddings.create`) to generate vector embeddings, so any sensitive or private information in a query is transmitted to OpenAI. This is core functionality, but it is a data-privacy consideration and a channel through which data leaves to a third party, and it should be disclosed explicitly. Add a clear statement in the skill's documentation or description that search queries are sent to OpenAI for processing, and advise users not to include sensitive personally identifiable information (PII) in queries where data privacy matters. | LLM | SKILL.md:60 |
| LOW | Docker command uses bind mount for storage. The setup instructions run Qdrant with `docker run` and a bind mount (`-v $(pwd)/qdrant_storage:/qdrant/storage`), which gives the container write access to a directory on the host. This is common for local development, but a compromised container could write attacker-controlled files into the host's `qdrant_storage` directory, which is more access than the container needs. For production or hardened deployments, prefer a named Docker volume over a bind mount for better isolation and data management; where a bind mount is kept, give `qdrant_storage` restrictive permissions and keep it isolated from other sensitive host directories. | LLM | SKILL.md:48 |
| INFO | Skill requires and uses OpenAI API key. The skill uses the `openai` library to call the OpenAI API for embeddings, which requires an API key in the environment (typically `OPENAI_API_KEY`). The code does not harvest credentials, but if the skill's execution environment is compromised the key is exposed. Manage the key securely (environment variables or a secrets manager, scoped to the least access the skill needs), rotate it if exposure is suspected, and harden the execution environment against unauthorized access. | LLM | SKILL.md:60 |
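
The two HIGH findings both come down to "fetch something from the network and use it without checking what arrived". The following shell helpers are an added example written for this report, not code from the skill, its author, or SkillShield: `verify_sha256` and `fetch_verified` replace the bare `wget` of the snapshot with a download that is discarded on hash mismatch, and `check_pinned` is a small lint that flags any requirement line without an `==` pin and a `--hash=sha256:` entry. The release URL, the expected hash, and the `requirements.txt` contents are assumptions supplied by the caller; the page publishes neither a hash for `qdrant_snapshot_en.tar.gz` nor a pinned dependency list.

```bash
#!/usr/bin/env bash
# Added example (not from the skill or SkillShield). Assumed inputs: the release
# URL and the expected SHA-256 are supplied by the caller; the report publishes
# neither a hash for the snapshot nor a pinned requirements file.
set -eu

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match. On mismatch it deletes FILE and returns 1, so a
# tampered snapshot is never left where a later `tar -xzf` could unpack it.
verify_sha256() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: expected $expected, got $actual" >&2
    rm -f -- "$file"
    return 1
  fi
  return 0
}

# fetch_verified URL EXPECTED_HEX DEST
# Replacement for the bare `wget` in SKILL.md: the archive is kept only if the
# hash published out-of-band (e.g. in the repository README) matches.
fetch_verified() {
  wget -q -O "$3" "$1"
  verify_sha256 "$3" "$2"
}

# check_pinned REQUIREMENTS_FILE
# Returns 0 if every requirement line is pinned with '==' and carries a
# --hash=sha256:... entry (the form `pip install --require-hashes -r` enforces);
# otherwise lists the offenders on stderr and returns 1. Assumes one
# requirement per line (no backslash continuations).
check_pinned() {
  local bad=0 line
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*|'-'*) continue ;;            # blank line, comment, or pip option
      *==*--hash=sha256:*) ;;              # pinned and hashed
      *) echo "unpinned or unhashed requirement: $line" >&2; bad=1 ;;
    esac
  done < "$1"
  return "$bad"
}
```

Typical use in the setup step would be `fetch_verified "https://github.com/<owner>/<repo>/releases/download/<tag>/qdrant_snapshot_en.tar.gz" "$EXPECTED_SHA256" qdrant_snapshot_en.tar.gz` followed by `tar -xzf` only on success, where the owner, repo, tag and hash are placeholders the maintainers would fill in. For the dependency side, `pip hash <wheel>` or pip-tools' `pip-compile --generate-hashes` produce the `--hash=sha256:` entries that `check_pinned` looks for, and `pip install --require-hashes -r requirements.txt` refuses any package whose hash is missing or does not match.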
Full report: https://skillshield.io/report/26b9b51798ef897e (powered by SkillShield)