Trust Assessment
agent-market received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Exposure of Wallet Private Key, Agent can act as Arbitrator for Prediction Markets.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Exposure of Wallet Private Key The skill requires `WALLET_PRIVATE_KEY` to be provided as an environment variable. This private key is used directly to create a `walletClient` for signing all on-chain transactions. If the agent's execution environment is compromised, this private key could be exfiltrated, leading to complete loss of funds from the associated wallet. While the skill itself does not appear to exfiltrate the key, its direct presence and use in the environment make it a high-value target. Advise users to use dedicated, isolated wallets with minimal funds for agent operations. Explore alternative signing mechanisms like hardware wallets or secure key management services if available for the agent platform, or use transaction relayers where the private key is not directly exposed to the agent's runtime environment. | LLM | index.ts:20 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/humanjesse/agent-market/SKILL.md:1 | |
| MEDIUM | Agent can act as Arbitrator for Prediction Markets The `market_arbitrate` function allows the agent to unilaterally decide the outcome of a disputed prediction market if it is the designated arbitrator. This grants significant power over market resolution and fund distribution. A compromised agent acting as an arbitrator could be coerced into making incorrect or malicious rulings, potentially leading to financial losses for market participants. This is a feature of the underlying protocol, but the skill exposes this powerful function directly to the agent. Users should be extremely cautious when configuring an agent as an arbitrator. Ensure the agent's decision-making process for arbitration is robust, transparent, and resistant to manipulation. Consider human oversight or multi-sig approval for critical arbitration decisions. | LLM | SKILL.md:200 |
Scan History
Embed Code
[](https://skillshield.io/report/4ee5d4131441f2c5)
Powered by SkillShield