Security Audit
react-patterns
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
react-patterns received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Excessive permissions declared for informational skill".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Excessive permissions declared for informational skill. The skill 'react-patterns' declares 'Write', 'Edit', and 'Grep' permissions in its manifest. However, the provided `SKILL.md` content is purely informational, describing React patterns and principles. There is no apparent functional requirement for this skill to modify files ('Write', 'Edit') or perform file system searches ('Grep'). Declaring unnecessary broad permissions increases the attack surface and potential for misuse if the skill were to be compromised or instructed maliciously. Restrict the `allowed-tools` to only those strictly necessary for the skill's intended function. For an informational skill like this, `Read` and `Glob` might be sufficient, or even no file system access if it's purely internal knowledge. Remove `Write`, `Edit`, and `Grep` unless a clear justification for their necessity is provided by the skill's functionality. | LLM | SKILL.md |