Trust Assessment
1inch received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in Shell Variables, Broad Tool Access (`curl`, `jq`).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in Shell Variables The skill's example shell commands define variables like `FROM_ADDRESS` and `WALLET_ADDRESS` using placeholders such as `<YOUR_WALLET>`. These placeholders are intended to be replaced by user-provided input. If the AI agent (LLM) executing this skill directly substitutes user input into these shell variable assignments without proper shell escaping, a malicious user could inject arbitrary shell commands. For instance, if `<YOUR_WALLET>` is replaced with `0x1234"; rm -rf /; echo "`, the `rm -rf /` command would be executed on the host system. While `curl`'s `--data-urlencode` option helps mitigate injection into URL parameters, it does not protect against injection during the shell variable assignment phase. The AI agent executing this skill must ensure that any user-provided input used to populate shell variables is rigorously sanitized and shell-escaped before execution. This typically involves using robust escaping mechanisms (e.g., `printf %q` in bash) to prevent shell metacharacter injection. Alternatively, the skill definition could be refactored to use a safer method for passing parameters, such as environment variables or a dedicated scripting language that handles parameter passing securely. | LLM | SKILL.md:49 | |
| INFO | Broad Tool Access (`curl`, `jq`) The skill explicitly requires `curl` and `jq` binaries in its manifest. `curl` allows for arbitrary network requests, and `jq` for JSON processing. While these tools are necessary for the skill's intended functionality (interacting with the 1inch API), their broad capabilities could be leveraged for unintended actions (e.g., data exfiltration, external attacks) if combined with other vulnerabilities like command injection. This highlights the importance of robust input sanitization for any user-controlled data passed to these tools. Ensure that any user-controlled input passed to `curl` or `jq` is strictly validated and sanitized. Implement robust input validation to restrict `curl` to only intended endpoints and parameters. The LLM should be designed to only interact with the specified 1inch API endpoints and process expected JSON structures. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/49a672066d46457b)
Powered by SkillShield