Trust Assessment
strykr-qa-bot received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Missing required field: name, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned `web-qa-bot` peer dependency The `web-qa-bot` peer dependency is specified with a caret range (`^0.1.0`) in `package.json`. This allows any `0.1.x` version to be installed, making the skill vulnerable to supply chain attacks if a malicious update is published to `web-qa-bot` within this major version range. An attacker could introduce arbitrary code execution by publishing a compromised version. Pin the `web-qa-bot` dependency to an exact version (e.g., `"web-qa-bot": "0.1.0"`) to ensure deterministic installations and prevent unexpected updates. Alternatively, use a lockfile (e.g., `package-lock.json` or `yarn.lock`) and commit it to version control. | LLM | package.json:33 | |
| HIGH | Configurable network requests via `checkPrismEndpoints` The `StrykrQABot` skill can make network requests to arbitrary URLs through its `checkPrismEndpoints` method. The `baseUrl` and `prismEndpoints` parameters are configurable via the `StrykrConfig` object passed to the `StrykrQABot` constructor. If an LLM agent constructs this configuration based on untrusted user input, it could be coerced into performing Server-Side Request Forgery (SSRF) to internal network resources, or exfiltrating data to attacker-controlled external servers. This capability, while intended for testing, poses a significant risk if not properly constrained. Implement strict validation and sanitization for `baseUrl` and `prismEndpoints` to ensure they only point to allowed, trusted domains (e.g., `https://app.strykr.ai`). If the skill is intended to be used with dynamic URLs, ensure the LLM's access to this function is restricted or that the LLM itself is robustly guarded against prompt injection for these parameters, potentially by using a allowlist of permitted URLs. | LLM | src/strykr-bot.ts:120 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/nextfrontierbuilds/strykr-qa-bot/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'typescript' is not pinned to an exact version ('^5.3.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/nextfrontierbuilds/strykr-qa-bot/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/nextfrontierbuilds/strykr-qa-bot/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/7c4f30538e8a50e6)
Powered by SkillShield