Trust Assessment
use-soulseek received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are "Missing required field: name" and "Unpinned global npm package installation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/svidovich/use-soulseek/SKILL.md:1 |
| MEDIUM | Unpinned global npm package installation. The skill instructs the user to install `soulseek-cli` globally via `npm install -g soulseek-cli` without specifying a version. This means that future installations could pull a malicious or vulnerable version if the package maintainer's repository is compromised or if a malicious actor publishes a new version. This introduces a supply chain risk for the user. Recommend specifying a version for `npm install -g soulseek-cli` (e.g., `npm install -g soulseek-cli@1.2.3`) to ensure deterministic and secure installations. Alternatively, advise users to review the package's integrity before installation. | LLM | SKILL.md:70 |