Trust Assessment
tg-checkin received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Inconsistent Chat Title Verification Leads to Potential Misdirection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Inconsistent Chat Title Verification Leads to Potential Misdirection The skill's `SKILL.md` and `tg-logic.js` explicitly state and implement strict chat title verification (exact match) to prevent sending messages to the wrong group. However, `scripts/tg_robust_logic.js` contains a `navigateToChat` function that uses a less strict verification (`currentTitle.includes(targetName.slice(0, 4))`). If the AI agent or skill execution environment were to use `tg_robust_logic.js` instead of, or in addition to, `tg-logic.js`, it could lead to misidentifying the target chat. This could result in messages being sent to an unintended recipient, potentially exposing private information or causing unintended actions, which is a form of data exfiltration. Ensure all chat navigation and verification logic adheres to the strict matching requirement outlined in `SKILL.md`. Either remove `scripts/tg_robust_logic.js` if it's not intended for use, or update its `navigateToChat` function to perform an exact title match (e.g., `currentTitle === targetName`) consistent with `tg-logic.js`. | LLM | scripts/tg_robust_logic.js:35 |
Scan History
Embed Code
[](https://skillshield.io/report/45eb45e983cbe6f3)
Powered by SkillShield