Security Audit
use-algokit-utils
github.com/algorand-devrel/algorand-agent-skills
Trust Assessment
use-algokit-utils received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Credential Harvesting via Environment Variable Access.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit aafc1c60). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Credential Harvesting via Environment Variable Access. The skill instructs the use of `AlgorandClient.fromEnvironment()` and `algorand.account.fromEnvironment()`. These functions are designed to read blockchain network configuration and account private keys (mnemonics) from environment variables. While this is a standard pattern for developer tools, it provides a direct pathway for the agent to access any environment variable on the host system. An attacker could craft a prompt that tricks the agent into reading sensitive secrets (e.g., API keys, cloud credentials) from the environment and exfiltrating them. The agent's execution environment should be strictly sandboxed, exposing only the minimum required environment variables. Implement a policy within the agent to disallow reading environment variables with names derived from untrusted user input. Use an allow-list for environment variable names that can be accessed. | Unknown | SKILL.md:45 |