Score: 70 (CAUTION)

| Severity | Findings | Action |
|---|---|---|
| Critical | 1 | Immediate action required |
| High | 0 | Priority fixes suggested |
| Medium | 0 | Best practices review |
| Low | 0 | Acknowledged / Tracked |

Trust Assessment
This report is partially verified. Deterministic layers ran, but LLM behavioral analysis (L4) was not executed for this scan.
The current score of 70/100 is provisional and may change after a full L4 verification run.
Last analyzed on February 10, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
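Layer Breakdown

| Layer | Score |
|---|---|
| Manifest Analysis | 70% |
| Static Code Analysis | 100% |
| Dependency Graph | 100% |
| LLM Behavioral Safety | Not run (—) |

Behavioral Risk Signals

| Signal | Findings |
|---|---|
| Shell Execution | 1 finding |
| Dynamic Code | 1 finding |
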
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python dynamic code execution (exec/eval/compile). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/oakencore/skillvet/tests/fixtures/trigger-obfuscation/index.js:3 |