Trust Assessment
skill-architect received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Unpinned Optional Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 81e7e0dd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| INFO | Unpinned Optional Dependency: The script `scripts/validate_skill.py` attempts to import and use the `PyYAML` library if available, but it does not specify a version. While `yaml.safe_load` is used (which is generally safer than `yaml.load`), an unpinned dependency can introduce supply chain risks if a future vulnerable version of `PyYAML` is installed. The script does include a fallback parser if `PyYAML` is not present, which mitigates the immediate impact. If `PyYAML` is an intended dependency, pin it to a known safe version (e.g., `PyYAML==6.0.1`) in a `requirements.txt` file or similar dependency management system. If it's truly optional and the fallback is sufficient, consider removing the `try...except` block to avoid the dependency entirely. | Static | scripts/validate_skill.py:16 |