Security Audit
defi-protocol-templates
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
defi-protocol-templates received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 0 medium, and 4 low severity. Key findings include Unpinned Solidity Pragma Version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned Solidity Pragma Version: The Solidity code uses a caret (`^`) in the pragma directive (`pragma solidity ^0.8.0;`), which allows compilation with any 0.8.x version. While common in development, this is technically an unpinned dependency on the compiler version. Future minor versions of the Solidity compiler could introduce breaking changes or subtle behavioral differences, potentially leading to unexpected contract behavior or vulnerabilities if the code is compiled with a different version than intended. As these are 'production-ready templates', a more precise pragma would enhance security and reproducibility. Pin the Solidity pragma to an exact compiler version (e.g., `pragma solidity 0.8.19;`) for production-ready templates to ensure deterministic compilation behavior. | LLM | SKILL.md:24 |
| LOW | Unpinned Solidity Pragma Version: The Solidity code uses a caret (`^`) in the pragma directive (`pragma solidity ^0.8.0;`), which allows compilation with any 0.8.x version. While common in development, this is technically an unpinned dependency on the compiler version. Future minor versions of the Solidity compiler could introduce breaking changes or subtle behavioral differences, potentially leading to unexpected contract behavior or vulnerabilities if the code is compiled with a different version than intended. As these are 'production-ready templates', a more precise pragma would enhance security and reproducibility. Pin the Solidity pragma to an exact compiler version (e.g., `pragma solidity 0.8.19;`) for production-ready templates to ensure deterministic compilation behavior. | LLM | SKILL.md:89 |
| LOW | Unpinned Solidity Pragma Version: The Solidity code uses a caret (`^`) in the pragma directive (`pragma solidity ^0.8.0;`), which allows compilation with any 0.8.x version. While common in development, this is technically an unpinned dependency on the compiler version. Future minor versions of the Solidity compiler could introduce breaking changes or subtle behavioral differences, potentially leading to unexpected contract behavior or vulnerabilities if the code is compiled with a different version than intended. As these are 'production-ready templates', a more precise pragma would enhance security and reproducibility. Pin the Solidity pragma to an exact compiler version (e.g., `pragma solidity 0.8.19;`) for production-ready templates to ensure deterministic compilation behavior. | LLM | SKILL.md:170 |
| LOW | Unpinned Solidity Pragma Version: The Solidity code uses a caret (`^`) in the pragma directive (`pragma solidity ^0.8.0;`), which allows compilation with any 0.8.x version. While common in development, this is technically an unpinned dependency on the compiler version. Future minor versions of the Solidity compiler could introduce breaking changes or subtle behavioral differences, potentially leading to unexpected contract behavior or vulnerabilities if the code is compiled with a different version than intended. As these are 'production-ready templates', a more precise pragma would enhance security and reproducibility. Pin the Solidity pragma to an exact compiler version (e.g., `pragma solidity 0.8.19;`) for production-ready templates to ensure deterministic compilation behavior. | LLM | SKILL.md:250 |