Trust Assessment
settlement-witness received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include External data transfer to unverified endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | External data transfer to unverified endpoint The skill describes sending user-provided `task_id`, `spec`, and `output` objects to an external HTTPS endpoint (`https://defaultverifier.com/settlement-witness`). While the skill includes a safety note advising against sending secrets, the transfer of arbitrary user-defined data to an external service always carries a risk of data exfiltration if sensitive information is inadvertently or intentionally included. The domain `defaultverifier.com` is a placeholder and its trustworthiness cannot be assessed. Ensure that the `defaultverifier.com` endpoint is controlled and secured, or replace it with a trusted, verified endpoint. Implement strict input validation and sanitization for `spec` and `output` to prevent sensitive data from being sent. Reinforce the safety notes within the skill's documentation and provide clear examples of non-sensitive data. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/a8a13c825554215f)
Powered by SkillShield