Trust Assessment
agent-earner received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Sensitive Credentials in Configuration Example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive Credentials in Configuration Example: The skill's configuration example explicitly includes sensitive credentials such as 'walletPrivateKey', 'clawtasksApiKey', and 'openworkApiKey' directly within a JSON structure. Storing these credentials in a configuration file, especially a private key, poses a significant security risk if the file is not adequately protected. This could lead to credential harvesting and unauthorized access to funds or platform accounts. While environment variables are mentioned as a best practice, the example itself promotes an insecure storage method. Remove sensitive credentials like API keys and private keys from configuration file examples. Emphasize and exclusively demonstrate the use of secure environment variables or a dedicated secret management system for all sensitive data. Update the documentation to clearly state that private keys should never be stored directly in configuration files or source code. | LLM | SKILL.md:68 |