Trust Assessment
x-to-kindle received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is that the skill instructs storage of a sensitive email App Password in plaintext.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs storage of sensitive email App Password in plaintext.** The skill's configuration section explicitly states that a Gmail App Password (`xxxx xxxx xxxx xxxx`) should be stored in `TOOLS.md`. Storing sensitive credentials like App Passwords in plaintext or in a configuration file like `TOOLS.md` (which might be accessible or logged in some environments) poses a significant security risk. If this file or the environment handling it is compromised, the App Password could be harvested, leading to unauthorized access to the associated email account and potential data exfiltration or abuse. **Remediation:** Implement a secure credential management system. Do not store sensitive credentials directly in configuration files or plaintext. Instead, use environment variables, a dedicated secrets manager (e.g., AWS Secrets Manager, Azure Key Vault, HashiCorp Vault), or a secure prompt for user input at runtime. The skill should reference a secure method for retrieving the credential, not instruct its storage in a potentially insecure manner. | LLM | SKILL.md:39 |