Trust Assessment
simul8or-trader received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned npm dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned npm dependency: The skill installs the 'simul8or-trader' npm package globally without specifying a version. This means that 'npm install -g simul8or-trader' will always pull the latest version available on the npm registry. If a malicious update is published to this package, it could lead to a supply chain attack, compromising the system running the skill. This is a common risk for unpinned dependencies. Remediation: Pin the dependency to a specific version (e.g., `npm install -g simul8or-trader@1.0.3`) to ensure reproducible and secure installations. Regularly audit and update pinned versions to benefit from security patches while mitigating unexpected changes. | LLM | SKILL.md:14 |