Trust Assessment
smart-followups received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 1 high, 4 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Sensitive environment variable access: $ANTHROPIC_API_KEY, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Undeclared/Unpinned Dependency: @anthropic-ai/sdk The `cli/followups-cli.js` file uses `@anthropic-ai/sdk` via a `require` statement, but this dependency is not explicitly declared in the `package.json` file's `dependencies` section. This can lead to inconsistent builds, unexpected versions of the library being used (potentially introducing security vulnerabilities), or runtime errors if the dependency is not manually installed or resolved by the environment. Add a `dependencies` section to `package.json` and include `@anthropic-ai/sdk` with a pinned or semver-compatible version (e.g., `"@anthropic-ai/sdk": "^0.x.y"`). Ensure `npm install` is run to resolve the dependency. | LLM | package.json:1 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/robbyczgw-cla/smart-followups/cli/followups-cli.js:175 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/robbyczgw-cla/smart-followups/handler.js:44 | |
| MEDIUM | Sensitive environment variable access: $ANTHROPIC_API_KEY Access to sensitive environment variable '$ANTHROPIC_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/robbyczgw-cla/smart-followups/test.sh:9 | |
| MEDIUM | Sensitive environment variable access: $ANTHROPIC_API_KEY Access to sensitive environment variable '$ANTHROPIC_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/robbyczgw-cla/smart-followups/verify.sh:94 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/robbyczgw-cla/smart-followups/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/2414615f14aa017c)
Powered by SkillShield