Trust Assessment
yahoo-finance-forex received a trust score of 92/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. The findings are "Node lockfile missing" and "Unpinned Python dependency 'yfinance'".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Python dependency 'yfinance': The `yfinance` package is specified with a minimum version (`>=0.2.40`) but not an exact, pinned version. This practice can introduce supply chain risks, as future versions of the dependency might contain vulnerabilities, breaking changes, or unexpected behavior. Pinning dependencies to exact versions ensures reproducibility and prevents unintended updates. Pin the `yfinance` dependency to an exact version (e.g., `yfinance==0.2.40`) to ensure consistent and secure installations. Regularly review and update pinned dependencies to incorporate necessary security patches and features. | LLM | SKILL.md:1 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/nazimboudeffa/yahoo-finance-forex/package.json |