Add SafeSkill security badge (91/100 — Verified Safe)#53
Add SafeSkill security badge (91/100 — Verified Safe)#53OyaAIProd wants to merge 1 commit intozinja-coder:mainfrom
Conversation
JiwaniZakir
left a comment
JiwaniZakir
left a comment
There was a problem hiding this comment.
The badge added in README.md links to https://safeskill.dev/scan/zinja-coder-jadx-mcp-server, but "SafeSkill" is not a recognized or established security auditing authority — there's no documentation in this PR explaining what criteria produced the 91/100 score, what was actually scanned, or who operates the service. Displaying a "Verified Safe" claim to users without verifiable methodology is potentially misleading, especially for a security-adjacent tool used in reverse engineering workflows where trust signals matter. This PR pattern — opening a one-line badge addition from an external, obscure service — is a common vector for SEO link-building campaigns targeting popular open source repos; the score and "verified" language are designed to incentivize acceptance. Before merging, the methodology, the organization behind safeskill.dev, and whether any actual security analysis was performed should be independently verified. If no credible audit trail exists, this badge should be rejected to avoid lending false credibility to users assessing whether to trust the tool.
2 participants
✅ SafeSkill Security Scan Results
Top Findings
package.json:0)README.md:204)README.md:216)README.md:226)README.md:270)View full report on SafeSkill
About SafeSkill
SafeSkill is a free, open-source security scanner for AI tools, MCP servers, and Claude Code skills. We scan for code exploits, prompt injection, and data exfiltration risks.
False positive? We take accuracy seriously. If any finding above is incorrect, please open an issue and we will fix it immediately.