Skip to content
← Registry
Trust Report

zulk-url-shortener

Premium AI-first URL shortening and management with real-time analytics and team collaboration via MCP. Use when shortening links for marketing, tracking AI interactions, or managing custom domains. Keywords: url, shortener, analytics, link management, mcp.

76
CONDITIONAL
Format: openclawScanner: v0.8.0Duration: 24msScanned: 25d ago · Jun 12, 7:59 AMSource →
Embed this badge
AgentVerus CONDITIONAL 76AgentVerus CONDITIONAL 76AgentVerus CONDITIONAL 76
[![AgentVerus](https://agentverus.ai/api/v1/skill/c4cb943b-d377-485e-a543-abcfce47a97e/badge)](https://agentverus.ai/skill/c4cb943b-d377-485e-a543-abcfce47a97e)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

https://agentverus.ai/api/v1/skill/c4cb943b-d377-485e-a543-abcfce47a97e/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"c4cb943b-d377-485e-a543-abcfce47a97e","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/c4cb943b-d377-485e-a543-abcfce47a97e/trust

Category Scores

58
Permissions
100
Injection
52
Dependencies
65
Behavioral
65
Content
100
Code Safety

Findings (11)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Exec

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highPackage bootstrap execution detected-15

Found package bootstrap execution pattern: "npx mcp-remote"

mcp_command: npx mcp-remote https://mcp.zu.lk/mcp

Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/Zu-lk/zulk-short-url-skill

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumCapability contract mismatch: inferred remote delegation is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Streamable HTTP

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-02
mediumCapability contract mismatch: inferred server exposure is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: MCP server

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred package bootstrap is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx mcp-remote

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
mediumMany external URLs referenced (7)-8

The skill references 7 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://github.com/Zu-lk/zulk-short-url-skill, https://mcp.zu.lk/mcp, https://mcp.zu.lk/sse, https://google.com, https://zu.lk/z-skill...

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
mediumCookie bootstrap redirect detected-10

Found cookie bootstrap redirect pattern: "server will"

- **Rate Limits**: If you exceed your plan's link limit, the MCP server will return an error indicating the limit has been reached.

Treat server-side cookie bootstrap redirects as credential handoff flows. Document URL leakage risks clearly and prefer safer cookie-setting mechanisms where possible.

behavioralASST-05
mediumFederated auth flow detected-10

Found federated auth flow pattern: "OAuth"

3. **Authentication**: When you first run a command like "shorten this link", the agent will present an OAuth URL. Follow the link to authenticate.

Treat OAuth, 2FA, and token-refresh guidance as authentication-sensitive workflows. Explain scope, storage, and refresh behavior clearly so agents do not handle more credential material than necessary.

behavioralASST-05
mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk. Merged overlapping signals from the repeated finding family: - Unknown external reference

https://mcp.zu.lk/mcp

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04