Trust Assessment
whatisxlistening-to received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 0 critical, 0 high, 16 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Suspicious import: urllib.request, Unpinned Docker Image Tag.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 16/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:664 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:688 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:710 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:729 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:752 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:776 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:796 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:819 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:842 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:865 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:906 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:978 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected; this module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/lastfm_cli.py:8 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected; this module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/server.py:9 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected; this module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/poiley/whatisxlistening-to/skills/whatisxlistening-to/tests/test_server.py:9 |
| MEDIUM | Unpinned Docker Image Tag. The deployment instructions in SKILL.md recommend using the ':latest' tag for the Docker image (e.g., 'ghcr.io/poiley/whatisxlistening.to:latest'). Mutable tags like ':latest' introduce a supply chain risk because the image they point to can change over time without explicit user action; this could lead to unexpected behavior, introduce breaking changes, or even pull malicious code if the image maintainer's repository is compromised. Best practice is to pin to a specific, immutable image digest or a semantic version tag to ensure consistent and secure deployments. Replace ':latest' with a specific, immutable image digest (e.g., 'ghcr.io/poiley/whatisxlistening.to@sha256:abcdef...') or a semantic version tag (e.g., 'ghcr.io/poiley/whatisxlistening.to:1.0.0') in all deployment instructions. | LLM | SKILL.md:32 |