Add SafeSkill security badge (87/100 — Passes with Notes)

[OyaAIProd]

⚠️ SafeSkill Security Scan Results

Metric	Value
Overall Score	87/100 (Passes with Notes)
Code Score	99/100
Content Score	68/100
Findings	26 findings detected (7 high)
Taint Flows	0
Files Scanned	0
Scan Duration	0.1s

Top Findings

• 🟠 high: Persona/safety hijack attempt detected (unrestricted-mode): "without limit" (licenses/Ude.NetStandard/gpl-2.0.txt:69)
• 🟠 high: Persona/safety hijack attempt detected (unrestricted-mode): "without limit" (licenses/Ude.NetStandard/lgpl-2.1.txt:134)
• 🟠 high: Persona/safety hijack attempt detected (unrestricted-mode): "without limit" (licenses/Ude.NetStandard/MPL-1.1.txt:58)
• 🟠 high: Persona/safety hijack attempt detected (unrestricted-mode): "without limit" (licenses/Ude.NetStandard/MPL-1.1.txt:147)
• 🟠 high: Persona/safety hijack attempt detected (unrestricted-mode): "WITHOUT LIMIT" (licenses/Ude.NetStandard/MPL-1.1.txt:310)

View full report on SafeSkill

---

About SafeSkill

SafeSkill is a free, open-source security scanner for AI tools, MCP servers, and Claude Code skills. We scan for code exploits, prompt injection, and data exfiltration risks.

False positive? We take accuracy seriously. If any finding above is incorrect, please open an issue and we will fix it immediately.

• GitHub | Website | Docs
• Built by Oya.ai -- AI Employees Builder

Summary by CodeRabbit

• Documentation
  • Added SafeSkill status badge to project documentation with link to scan results.

[coderabbitai]

📝 Walkthrough

Walkthrough

README.md is updated with a new SafeSkill status badge alongside existing Shields.io badges, providing a link to the project's SafeSkill scan results.

Changes

Cohort / File(s)	Summary
Documentation Update README.md	Adds SafeSkill status badge with link to scan results.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A badge hops into place so bright,
SafeSkill's seal shining in the light,
One little line, a trust to earn,
Safety status—now readers can discern! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a SafeSkill security badge to the README with the specific score from the scan results.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Warning

⚠️ This pull request might be slop. It has been flagged by CodeRabbit slop detection and should be reviewed carefully.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Line 8: Replace the hardcoded SafeSkill badge markdown string "[![SafeSkill
87/100](https://img.shields.io/badge/SafeSkill-87%2F100_Passes%20with%20Notes-yellow)](https://safeskill.dev/scan/yotsuda-powershell-mcp)"
with the dynamic endpoint
"[![SafeSkill](https://safeskill.dev/api/badge/yotsuda-powershell-mcp)](https://safeskill.dev/scan/yotsuda-powershell-mcp)"
in README.md so the badge automatically reflects the latest scan results; locate
the existing badge markdown on the line containing the SafeSkill badge and
replace it with the new API badge URL.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7f5dfeb6-af2f-428f-944a-e8828b35d175

📥 Commits

Reviewing files that changed from the base of the PR and between e8596f7 and 1238626.

📒 Files selected for processing (1)

• README.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Does SafeSkill provide a dynamic badge URL (or Shields-compatible endpoint) that always shows the latest scan score/status for a repository?

💡 Result:

Yes, SafeSkill provides a dynamic badge URL at https://safeskill.dev/api/badge/{package-name} that displays the latest scan score/status for a repository or package. This endpoint generates Shields.io-compatible SVG badges showing the security score (e.g., 81/100 "Passes with Notes") based on the most recent scan, as evidenced by usage in scan result pages like https://safeskill.dev/scan/ipgeolocation-ipgeolocation-io-mcp, which includes the badge markdown . The badge updates automatically with new scans, providing a live indicator of the current status.

Citations:

• 1: https://safeskill.dev/scan/ipgeolocation-ipgeolocation-io-mcp
• 2: https://safeskill.dev/
• 3: https://github.com/VoltAgent/awesome-openclaw-skills/actions/runs/23706559962

---

Use SafeSkill's dynamic badge endpoint to keep the security score current.

At Line 8, the badge contains a hardcoded score (87/100 Passes with Notes) that will become stale after the next scan. SafeSkill provides a dynamic badge endpoint that updates automatically with each new scan.

Replace:

[![SafeSkill 87/100](https://img.shields.io/badge/SafeSkill-87%2F100_Passes%20with%20Notes-yellow)](https://safeskill.dev/scan/yotsuda-powershell-mcp)

With:

[![SafeSkill](https://safeskill.dev/api/badge/yotsuda-powershell-mcp)](https://safeskill.dev/scan/yotsuda-powershell-mcp)

The https://safeskill.dev/api/badge/yotsuda-powershell-mcp endpoint will always display the latest scan status.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 8, Replace the hardcoded SafeSkill badge markdown string
"[![SafeSkill
87/100](https://img.shields.io/badge/SafeSkill-87%2F100_Passes%20with%20Notes-yellow)](https://safeskill.dev/scan/yotsuda-powershell-mcp)"
with the dynamic endpoint
"[![SafeSkill](https://safeskill.dev/api/badge/yotsuda-powershell-mcp)](https://safeskill.dev/scan/yotsuda-powershell-mcp)"
in README.md so the badge automatically reflects the latest scan results; locate
the existing badge markdown on the line containing the SafeSkill badge and
replace it with the new API badge URL.