Security Audit
nextjs-best-practices
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
nextjs-best-practices received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the skill declares excessive permissions for its stated purpose.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Skill declares excessive permissions for its stated purpose. The skill 'nextjs-best-practices' is described as providing 'Next.js App Router principles.' Its content is purely informational markdown, offering guidance and best practices. However, the skill's manifest declares 'Write', 'Edit', 'Glob', and 'Grep' permissions. These permissions are not necessary for a skill that only provides information and does not perform any actions on the filesystem or modify code. Declaring overly broad permissions creates an unnecessary attack surface, potentially allowing a compromised skill to perform unauthorized actions. Reduce the declared permissions to only those strictly necessary for an informational skill, such as 'Read'. Remove 'Write', 'Edit', 'Glob', and 'Grep' as they are not justified by the skill's function. | LLM | SKILL.md:1 |