Trust Assessment
4chad received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unverified file downloads during installation, Unpinned Node.js dependencies for signing script, Private key exposed in command-line arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unverified file downloads during installation: The skill's installation instructions in `SKILL.md` and the `manual` install section of `skill.json` use `curl -s` to download critical skill files (`SKILL.md`, `sign-transaction.js`, etc.) directly from `https://4chad.xyz` without any integrity verification mechanism (e.g., checksums, GPG signatures). This makes the skill vulnerable to supply chain attacks: if `4chad.xyz` were compromised, an attacker could replace these files with malicious versions, leading to arbitrary code execution or credential harvesting on the user's system. Implement integrity checks for downloaded files, for example by providing SHA256 checksums that users can verify, or by signing the files with a GPG key and instructing users to verify the signature. Alternatively, distribute the skill through a trusted package manager that handles integrity verification. | LLM | SKILL.md:32 |
| MEDIUM | Unpinned Node.js dependencies for signing script: The `sign-transaction.js` script relies on `@solana/web3.js` and `bs58`. `SKILL.md` instructs users to install these dependencies with `npm install @solana/web3.js bs58` without specifying exact or pinned versions. This installs whatever versions are latest at the time, which may introduce breaking changes, vulnerabilities, or unexpected behavior if a malicious update is pushed to the npm registry. Pin the versions of Node.js dependencies (e.g., `npm install @solana/web3.js@^1.x.x bs58@^5.x.x`) or, ideally, provide a `package.json` and `package-lock.json` to ensure deterministic and secure dependency resolution. | LLM | SKILL.md:174 |
| MEDIUM | Private key exposed in command-line arguments: The `sign-transaction.js` script is invoked with `SOLANA_PRIVATE_KEY` passed directly as a command-line argument (`node sign-transaction.js "$UNSIGNED_TX" "$SOLANA_PRIVATE_KEY"`). While this approach keeps the private key local to the machine, command-line arguments are often visible to other processes on the same system (e.g., via `ps aux` or `/proc/<pid>/cmdline`), so the private key may be exposed to other users or compromised processes on the same host. Modify `sign-transaction.js` to read the private key from a more secure source, such as a file descriptor (e.g., `/dev/stdin` if piped securely), a dedicated environment variable that the script reads directly rather than receiving as an argument, or a masked interactive prompt. | LLM | SKILL.md:219 |
Full report: https://skillshield.io/report/63b6935749c3076c (Powered by SkillShield)