Trust Assessment
songsee received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include External Homebrew formula dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | External Homebrew formula dependency The skill manifest declares a dependency on an external Homebrew formula (`steipete/tap/songsee`). If the upstream repository or the Homebrew tap itself is compromised, installing this dependency could lead to the execution of malicious code on the host system. This introduces a supply chain risk as the integrity of the external formula is not directly controlled by the skill package. Verify the integrity and trustworthiness of `steipete/tap/songsee` and its upstream project. Consider mirroring critical dependencies or using content-addressable hashes for verification if supported by the package manager to mitigate risks associated with external package sources. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/90b8d82d47d057f0)
Powered by SkillShield