Trust Assessment
sheet-cog received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Dependency: The skill's manifest specifies a dependency ('cellcog') without a version constraint. This means that any future update to the 'cellcog' package, including potentially malicious or vulnerable versions, could be automatically pulled in without explicit review by the skill author. This introduces a significant supply chain risk, as a compromised upstream dependency could lead to arbitrary code execution or data exfiltration within the skill's environment. Remediation: Pin the dependency 'cellcog' to a specific, known-good version (e.g., `"cellcog==1.2.3"`) or use a version range with an upper bound (e.g., `"cellcog>=1.0.0,<2.0.0"`). Regularly review and update pinned dependencies to incorporate security patches. | LLM | SKILL.md:1 |