Trust Assessment
tasktime received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned Third-Party Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Third-Party Dependency: The skill installs the `@versatly/tasktime` npm package without specifying a version or version range. This means that `npm install -g @versatly/tasktime` will always fetch the latest available version. If a future version of this package introduces a vulnerability or malicious code, the agent installing this skill would automatically be compromised. This poses a significant supply chain risk. Pin the `@versatly/tasktime` dependency to a specific version or a narrow version range (e.g., `"@versatly/tasktime@1.2.3"` or `"@versatly/tasktime@^1.2.0"`) in the `package` field of the manifest's `install` section. Regularly review and update the pinned version to incorporate security fixes. | LLM | SKILL.md:1 |