Trust Assessment
abstract-onboard received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 29 findings: 2 critical, 18 high, 7 medium, and 2 low severity. Key findings include File read + network send exfiltration, Unsafe deserialization / dynamic eval, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings29
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/masoncags-tech/abstract-onboard/scripts/myriad-buy-direct.js:10 | |
| CRITICAL | File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/masoncags-tech/abstract-onboard/scripts/myriad-trade.js:12 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/masoncags-tech/abstract-onboard/scripts/aborean-quote.js:173 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/call-contract.js:40 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/create-agw.js:27 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/deploy-abstract.js:34 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/mint-nft.js:60 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/myriad-buy-direct.js:40 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/myriad-trade.js:10 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/relay-bridge.js:46 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/swap-aborean.js:24 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/swap-kona.js:24 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/swap-tokens.js:40 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/transfer.js:34 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/usdc-ops.js:90 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/aborean-swap.js:100 | |
| HIGH | Credential Harvesting via Environment Variable Multiple scripts directly access `process.env.WALLET_PRIVATE_KEY` or `process.env.PRIVATE_KEY` to sign blockchain transactions. While this is the intended functionality for a blockchain interaction skill, it exposes the private key to the execution environment. A compromised agent or malicious input could potentially leverage this access to exfiltrate the private key or perform unauthorized transactions. Consider using a secure key management system (KMS) or hardware security module (HSM) instead of directly exposing private keys as environment variables. If environment variables are necessary, ensure strict access controls on the execution environment and implement robust input validation to prevent manipulation. | LLM | scripts/bridge-usdc-relay.js:4 | |
| HIGH | Credential Harvesting via Environment Variable in Config The Hardhat configuration file directly accesses `process.env.WALLET_PRIVATE_KEY`. While this is standard for Hardhat, it means the private key is loaded into the configuration, making it vulnerable if the Hardhat environment or build process is compromised. For production deployments, consider using a more secure method for managing private keys, such as a dedicated key management service, hardware wallet integration, or encrypted keystores, rather than plain environment variables. | LLM | references/hardhat.config.js:26 | |
| HIGH | Arbitrary File Read via Command Line Argument The script reads an ABI file from a path provided as a command-line argument (`--abi`). If an attacker can control this argument (e.g., via prompt injection), they could specify an arbitrary file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to read sensitive local files from the agent's environment. The content of the file would then be parsed as JSON, potentially leading to errors but still exposing the file's content in logs or error messages. Implement strict validation for file paths provided via command-line arguments. Restrict file access to a predefined, safe directory or use a whitelist of allowed file names. Avoid directly using untrusted input as file paths. | LLM | scripts/call-contract.js:34 | |
| HIGH | Arbitrary File Read via Command Line Argument The script reads a contract artifact file from a path provided as a command-line argument (`artifactPath`). If an attacker can control this argument (e.g., via prompt injection), they could specify an arbitrary file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to read sensitive local files from the agent's environment. The content of the file would then be parsed as JSON, potentially leading to errors but still exposing the file's content in logs or error messages. Implement strict validation for file paths provided via command-line arguments. Restrict file access to a predefined, safe directory or use a whitelist of allowed file names. Avoid directly using untrusted input as file paths. | LLM | scripts/deploy-abstract.js:29 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/masoncags-tech/abstract-onboard/scripts/myriad-trade.js:118 | |
| MEDIUM | Unpinned npm dependency version Dependency 'ethers' is not pinned to an exact version ('^6.9.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/masoncags-tech/abstract-onboard/package.json | |
| MEDIUM | Excessive ERC20 Approval (MaxUint256) The script approves the DEX router to spend `ethers.MaxUint256` of USDC. While common in DeFi, this grants unlimited spending power to the router contract. If the router contract is compromised or if the agent is tricked into interacting with a malicious router, all approved tokens could be drained without further user consent. Approve only the exact amount required for the current transaction, or a reasonably limited amount that can be re-approved as needed. Avoid granting `MaxUint256` approvals unless absolutely necessary and understood. | LLM | scripts/swap-aborean.js:58 | |
| MEDIUM | Excessive ERC20 Approval (MaxUint256) The script approves the DEX router to spend `ethers.MaxUint256` of USDC. While common in DeFi, this grants unlimited spending power to the router contract. If the router contract is compromised or if the agent is tricked into interacting with a malicious router, all approved tokens could be drained without further user consent. Approve only the exact amount required for the current transaction, or a reasonably limited amount that can be re-approved as needed. Avoid granting `MaxUint256` approvals unless absolutely necessary and understood. | LLM | scripts/swap-kona.js:58 | |
| MEDIUM | Excessive ERC20 Approval (MaxUint256) The script approves the DEX router to spend `ethers.MaxUint256` of a token. While common in DeFi, this grants unlimited spending power to the router contract. If the router contract is compromised or if the agent is tricked into interacting with a malicious router, all approved tokens could be drained without further user consent. Approve only the exact amount required for the current transaction, or a reasonably limited amount that can be re-approved as needed. Avoid granting `MaxUint256` approvals unless absolutely necessary and understood. | LLM | scripts/aborean-swap.js:134 | |
| MEDIUM | Unpinned Dependencies in package.json The `package.json` uses caret (`^`) ranges for several critical dependencies (`ethers`, `zksync-ethers`, `viem`, `@abstract-foundation/agw-client`). This allows minor and patch updates, which could introduce breaking changes, vulnerabilities, or unexpected behavior. The `SKILL.md` and `create-agw.js` specifically warn that `agw-client` versions can change AGW addresses, making this unpinned dependency a higher risk. Pin all dependencies to exact versions (e.g., `1.2.3`) to ensure deterministic builds and prevent unexpected changes from upstream packages. Use a lock file (e.g., `package-lock.json`) and commit it to version control. | LLM | package.json:8 | |
| MEDIUM | Hidden/Undeclared Dependency The `scripts/myriad-trade.js` file uses `myriad-sdk` via `require('myriad-sdk')`, but this package is not listed in the `dependencies` or `devDependencies` section of `package.json`. This makes the dependency hidden, potentially leading to runtime errors if not manually installed, and complicates dependency management and security auditing. Declare all direct dependencies in `package.json` to ensure they are properly installed and managed. This improves transparency and maintainability. | LLM | scripts/myriad-trade.js:20 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/masoncags-tech/abstract-onboard/package.json | |
| LOW | Reliance on External API for Transaction Data The `bridge-usdc-relay.js` script fetches transaction data from an external API (`api.relay.link`) and then directly executes those transactions using the agent's private key. While Relay is a legitimate service, relying on external API responses for critical transaction parameters without independent validation introduces a trust dependency. A compromise of the Relay API could lead to malicious transaction data being provided to the agent. Implement additional validation or sanity checks on the transaction data received from external APIs before execution. For critical operations, consider using a multi-signature wallet or requiring explicit user confirmation for transactions generated by external services. | LLM | scripts/bridge-usdc-relay.js:20 |
Scan History
Embed Code
[](https://skillshield.io/report/3d1a3eb9ffca67db)
Powered by SkillShield