Trust Assessment
web-search-hub received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned `duckduckgo-search` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned `duckduckgo-search` dependency The skill instructs users to install the `duckduckgo-search` library without specifying a version. This can lead to non-reproducible environments and potentially introduce vulnerabilities if future versions of the library contain security flaws or breaking changes. It also increases the risk of breaking changes in the dependency causing the skill to fail. Pin the `duckduckgo-search` dependency to a specific, known-good version (e.g., `pip install duckduckgo-search==X.Y.Z`) to ensure consistent and secure installations. Consider using a `requirements.txt` file for managing dependencies. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/0f1d6d8b21d21f56)
Powered by SkillShield