Trust Assessment
slack-hub-skill received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. Key findings include Missing required field: name, Suspicious import: requests, Unpinned Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/icyfrosty/slack-hub-skill/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/icyfrosty/slack-hub-skill/slack_hub.py:2 | |
| LOW | Unpinned Dependency The skill's `skill.json` manifest declares a dependency on 'requests' without specifying a version. This can lead to unexpected behavior, breaking changes, or security vulnerabilities if a future version of the dependency introduces issues or incompatible changes. It's best practice to pin dependencies to a specific version or a version range. Pin the 'requests' dependency to a specific version or a compatible version range (e.g., `"requests==2.28.1"` or `"requests>=2.28.0,<3.0.0"`) in `skill.json`. | LLM | skill.json:7 |
Scan History
Embed Code
[](https://skillshield.io/report/d1c83fa835f9d1b2)
Powered by SkillShield