Trust Assessment
solidity-lsp received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Unpinned global dependency installation recommended".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned global dependency installation recommended: The skill documentation recommends installing `solc`, `solhint`, and `slither-analyzer` globally without specifying exact versions. This introduces a supply chain risk, as future installations could pull in malicious or incompatible versions of these packages. An automated agent following these instructions could inadvertently install compromised software. This applies to `npm install -g solc` (line 20), `npm install -g solhint` (line 23), and `pip3 install slither-analyzer` (line 50). Specify exact versions for all recommended package installations (e.g., `npm install -g solc@0.8.0`, `npm install -g solhint@3.6.0`, `pip3 install slither-analyzer==0.10.0`). | LLM | SKILL.md:20 |