Trust Assessment
agentic-commerce-relay received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Environment Variables and Script Arguments, Direct Exposure of Sensitive Credentials to Unanalyzed Scripts, and Reliance on Unanalyzed External JavaScript Files.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via Environment Variables and Script Arguments: The skill demonstrates executing shell commands (`node scripts/cctp-bridge.js`, `node scripts/discovery-moltbook.cjs`) where environment variables (e.g., `PRIVATE_KEY`, `SRC_RPC`, `DST_RPC`, `AMOUNT`) and script arguments (e.g., `--submolt`, `--sort`, `--tag`) are passed directly. If an agent constructs these commands using untrusted user input for any of these values without proper sanitization, an attacker could inject arbitrary shell commands, leading to remote code execution or data exfiltration. The `PRIVATE_KEY` is a particularly sensitive variable. Agents should strictly sanitize or validate all user-provided input before using it to construct shell commands or environment variables. Consider using a safer method for passing sensitive data than direct environment variables if the execution environment allows, or ensure the execution environment isolates processes. For arguments, use libraries that properly escape shell arguments. | LLM | SKILL.md:16 |
| HIGH | Direct Exposure of Sensitive Credentials to Unanalyzed Scripts: The skill explicitly requires highly sensitive credentials such as `PRIVATE_KEY` and `MOLTBOOK_API_KEY` to be passed as environment variables to external `node` scripts. While the `SKILL.md` itself does not exfiltrate these, it mandates their direct exposure to the underlying scripts. If these scripts (whose source code is not provided for analysis) are malicious or compromised, they could easily harvest and exfiltrate these credentials, leading to unauthorized access to blockchain assets or API services. Avoid passing sensitive credentials directly as environment variables, especially to unanalyzed or untrusted scripts. Use secure secret management systems (e.g., KMS, vault services) to retrieve credentials at runtime, or ensure the execution environment provides secure, isolated access to secrets. Thoroughly audit the source code of `scripts/cctp-bridge.js` and `scripts/discovery-moltbook.cjs` for credential handling and exfiltration attempts. | LLM | SKILL.md:16 |
| HIGH | Reliance on Unanalyzed External JavaScript Files: The core functionality of this skill relies heavily on external JavaScript files (`scripts/cctp-bridge.js`, `scripts/discovery-moltbook.cjs`, and modules under `integrations/`). The content of these files is not provided within the analysis context. This introduces a significant supply chain risk, as the security and integrity of the entire skill depend on the trustworthiness of these unanalyzed scripts. Malicious code within these files could lead to data exfiltration, command injection, credential harvesting, or other severe vulnerabilities. All external code dependencies should be thoroughly reviewed and audited for security vulnerabilities. Implement strict version pinning for all dependencies. Consider sandboxing the execution environment for external scripts to limit their potential impact. Provide the source code of all executed scripts for comprehensive security analysis. | LLM | SKILL.md:24 |