Trust Assessment
stock-price-checker received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Unpinned Python dependency `yfinance`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned Python dependency `yfinance`. The skill relies on the `yfinance` Python library, but its version is not pinned in the manifest. This means that future installations could pull any version of `yfinance`, potentially introducing breaking changes, vulnerabilities, or even malicious code if the package maintainer's account is compromised. While `yfinance` is a common library, best practice dictates pinning dependencies to specific versions to ensure reproducibility and mitigate supply chain risks. Additionally, `yfinance` is listed under `bins`, which typically refers to system executables, not Python packages, indicating a potential misconfiguration in dependency declaration. Remediation: Specify a precise version for `yfinance` in the manifest (e.g., `yfinance==0.2.28`) or use a `requirements.txt` file with pinned versions. If the `bins` section is strictly for executables, consider adding a `python_packages` or similar section for Python library dependencies. | LLM | SKILL.md:1 |