Security Audit

onchainkit

github.com/BankrBot/openclaw-skills

AI SkillCommit 66de0a1e3577

CRITICAL

Scanned 5 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

onchainkit received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 28 findings: 19 critical, 7 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, File read + network send exfiltration, Dangerous call: subprocess.run().

The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The manifest_analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 15, 2026 (commit 66de0a1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

Static Code Analysis

10%

Dependency Graph

91%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

13 findings

Filesystem Write

14 findings

Shell Execution

12 findings

Dynamic Code

1 finding

Excessive Permissions

13 findings

Security Findings28

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/create-onchain-app.py:18
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:110
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:115
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:48
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:60
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:176
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/create-onchain-app.py:49
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/create-onchain-app.py:67
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/create-onchain-app.py:174
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:39
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:40
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:41
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:96
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:156
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:70
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:71
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:73
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:90
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:218
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_command'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/create-onchain-app.py:18
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'install_onchainkit'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:110
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'install_onchainkit'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/setup-environment.py:115
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'check_onchainkit_installed'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:48
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_build_test'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:176
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'check_required_dependencies'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/scripts/validate-setup.py:60
HIGH	LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 19 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion.	Unknown	(sanity check)
MEDIUM	Unpinned npm dependency version Dependency '@coinbase/onchainkit' is not pinned to an exact version ('^1.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/assets/templates/basic-app/package.json
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Unknown	/tmp/skillscan-clone-ublvkao7/repo/onchainkit/assets/templates/basic-app/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5db2f5b34a0e18aa.svg)](https://skillshield.io/report/5db2f5b34a0e18aa)