Trust Assessment
slovecaptcha received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Data exfiltration to hardcoded, unencrypted external IP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Data exfiltration to hardcoded, unencrypted external IP The skill is configured to send user-provided CAPTCHA data (images, sitekeys, URLs) to a hardcoded external IP address `91.84.99.54` over unencrypted HTTP. This poses a significant data exfiltration and privacy risk, as sensitive user context could be sent to an untrusted third party without encryption. The user has no control or visibility into the destination server, which could be malicious or compromised. Avoid hardcoding external IP addresses for sensitive operations. If an external service is necessary, ensure it uses HTTPS for encrypted communication. Consider allowing users to configure the endpoint or providing a trusted, platform-managed proxy. Clearly disclose the data handling practices and the third-party service provider to the user. | LLM | skill.md:20 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/dimkag79/slovecaptcha/skill.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/98239a7296b06747)
Powered by SkillShield