Trust Assessment
nft-standards received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is unpinned external dependencies in the Solidity examples.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 5d65aa10). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned external dependencies in Solidity examples. The Solidity code examples provided in the skill use external dependencies (e.g., `@openzeppelin/contracts`, `erc721a/contracts/ERC721A.sol`) without specifying exact versions. This practice introduces a supply chain risk for developers who might use these examples as a base for their projects. If a new version of an unpinned dependency introduces a breaking change or a security vulnerability, the resulting smart contract could inherit these issues without explicit developer action to update or review. When providing code examples for production use, specify exact versions for all external dependencies (e.g., `import "@openzeppelin/contracts@4.9.0/token/..."`). This ensures deterministic builds and prevents unexpected issues from upstream dependency updates. Developers should be advised to pin versions in their own projects. | Static | SKILL.md:15 |