Security Audit
azure-servicebus-ts
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
azure-servicebus-ts received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependencies in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Dependencies in Installation Instructions The installation instructions recommend installing `@azure/service-bus` and `@azure/identity` without specifying a version. This practice can lead to supply chain risks, as a user might inadvertently install a compromised or incompatible version if a malicious package is published under the same name or if breaking changes are introduced in a new major version. It is best practice to pin dependencies to specific versions or at least major versions (e.g., `^1.0.0`) to ensure stability and security. Update the installation instructions to specify exact or at least major versions for dependencies, e.g., `npm install @azure/service-bus@^7.0.0 @azure/identity@^3.0.0`. For production environments, consider using a lock file (e.g., `package-lock.json`) to ensure deterministic builds. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/f667a7d94a207da9)
Powered by SkillShield