Trust Assessment
specstory-organize received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Insufficient Declared Permissions for File Operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9454d3f2). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Insufficient Declared Permissions for File Operations The skill's manifest declares 'Read' permission, but the `organize.py` script performs file write operations such as creating directories (`os.mkdir`), removing files (`os.remove`), and moving files (`shutil.move`). For the skill to function correctly, it requires 'Write' or 'Filesystem' permissions, not just 'Read'. This discrepancy could lead to runtime errors if the agent strictly enforces the declared 'Read' permission, or it misrepresents the actual capabilities required by the skill. Update the `allowed-tools` in the skill's manifest to accurately reflect the required permissions, such as 'Write' or 'Filesystem', in addition to 'Read' and 'Bash'. | Static | manifest.json:1 |
Scan History
Embed Code
[](https://skillshield.io/report/02dd23bf4ba25a19)
Powered by SkillShield