Trust Assessment
shorten received a trust score of 91/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Unanalyzed executable script defined as skill entry point.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unanalyzed executable script defined as skill entry point The `package.json` defines a script `shorten` that executes `./shorten.sh`. The content of `shorten.sh` is not provided in the analysis context. This means a critical part of the skill's execution logic is opaque to the analyzer, preventing a full security assessment of potential command injection vulnerabilities, data exfiltration, or other malicious behaviors within the script. Provide the `shorten.sh` script for analysis, or ensure its contents are thoroughly reviewed and sanitized against common vulnerabilities, especially command injection if it processes user input. | LLM | package.json:5 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/kesslerio/url-shortener/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/327eec53c184430f)
Powered by SkillShield