Trust Assessment
agent-identity received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Private Key Exposed via Command Line Argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Private Key Exposed via Command Line Argument The `scripts/setup.js` script allows users to import a private key directly as a command-line argument using `--import <privateKey>`. Private keys passed as command-line arguments are highly insecure as they can be logged in shell history, exposed in process lists (e.g., `ps aux`), and potentially sniffed by other users or processes on the system. This significantly increases the risk of private key compromise. Remove the `--import` option that accepts a private key directly. Instead, prompt the user for the private key interactively (e.g., using `readline-sync` or similar to hide input), or require it to be read from a securely permissioned file. | LLM | scripts/setup.js:30 | |
| MEDIUM | Unpinned npm dependency version Dependency 'viem' is not pinned to an exact version ('^2.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/rosepuppy/agent-identity/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/rosepuppy/agent-identity/package.json | |
| LOW | Critical Contract Address Configurable via Environment Variable The `scripts/config.js` file allows the `REGISTRY_ADDRESS` for smart contracts to be overridden by an environment variable (`process.env.REGISTRY_ADDRESS`). If the environment where the skill is executed is compromised, a malicious actor could inject a fraudulent contract address. This could lead to the skill interacting with an attacker-controlled contract, potentially resulting in loss of funds (e.g., USDC stake, vouches) or exposure of identity data to the wrong contract. While this provides configuration flexibility, it introduces a reliance on the security of the execution environment for critical contract interactions. Consider making critical contract addresses immutable or requiring explicit user confirmation for non-default addresses. If environment variable configuration is necessary, ensure the execution environment is highly secured and that users are aware of the implications of overriding default contract addresses. | LLM | scripts/config.js:11 | |
| INFO | Unpinned Major Version Dependencies The `package.json` specifies dependencies `viem: "^2.0.0"` and `commander: "^11.0.0"`. The `^` (caret) operator allows for minor and patch updates but pins the major version. While this is a common practice, it means that any new minor version of these libraries could introduce breaking changes or, in a worst-case scenario, vulnerabilities without explicit review. For critical security-related skills, it is generally safer to pin dependencies to exact versions or at least use `~` for patch-level updates only, and then manually review updates. Pin dependencies to exact versions (e.g., `"viem": "2.x.x"`) or use the tilde operator (e.g., `"viem": "~2.x.x"`) to only allow patch updates. Regularly audit and manually update dependencies. | LLM | package.json:13 |
Scan History
Embed Code
[](https://skillshield.io/report/3cc8a54bef701d8d)
Powered by SkillShield