Trust Assessment
swarm received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Arbitrary Code Execution via npm install in postInstall hook, High-Privilege Supabase Service Key Required for Setup, Unpinned Dependencies in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary Code Execution via npm install in postInstall hook The skill's manifest includes a `postInstall` script that executes `npm install --production`. This command can trigger arbitrary code execution through `preinstall`, `install`, or `postinstall` scripts defined in the `package.json` of any of its dependencies or sub-dependencies. A malicious package in the dependency tree could exploit this to run arbitrary commands on the host system during installation, leading to compromise. Review all direct and transitive dependencies for known vulnerabilities or suspicious behavior. Consider using a package manager that provides stronger integrity checks and sandboxing for install scripts, or auditing dependencies more rigorously. For critical skills, consider vendoring dependencies or using a strict package manager policy. | LLM | SKILL.md | |
| MEDIUM | High-Privilege Supabase Service Key Required for Setup The `scripts/setup-supabase.js` script requires `SUPABASE_SERVICE_KEY` from environment variables. This key typically grants broad administrative privileges to the Supabase project, including schema modifications and data access. While necessary for the script's intended function (setting up database tables), using such a high-privilege key increases the risk surface. If this key is compromised or misused, it could lead to significant data exfiltration, modification, or denial of service for the Supabase project. Advise users to use the principle of least privilege when generating `SUPABASE_SERVICE_KEY`. If possible, create a dedicated Supabase role with only the minimum necessary permissions (e.g., `INSERT`, `SELECT`, `DELETE` on `swarm_blackboard` table, and `CREATE TABLE` if schema creation is dynamic) rather than using the full `service_role` key. Ensure the key is stored securely and not hardcoded or committed to version control. | LLM | scripts/setup-supabase.js:10 | |
| MEDIUM | Unpinned Dependencies in package.json The `package.json` file uses caret ranges (`^`) for its dependencies (`@google/generative-ai`, `@supabase/supabase-js`, `js-yaml`, `playwright`). This allows `npm install` to automatically update to new minor or patch versions. While `package-lock.json` pins exact versions for reproducible builds, relying solely on it can be risky if the lockfile is not always used or is updated. New versions could introduce breaking changes, vulnerabilities, or even malicious code without explicit review. Pin exact versions for all dependencies in `package.json` (e.g., `0.24.1` instead of `^0.24.1`). Alternatively, use tilde ranges (`~`) to restrict updates to only patch versions. Regularly audit dependencies for known vulnerabilities using tools like `npm audit`. | LLM | package.json:37 |
Scan History
Embed Code
[](https://skillshield.io/report/1b76fb52870cd316)
Powered by SkillShield