Trust Assessment
agentwallet received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Command Injection via untrusted HTTP header in manual x402 flow, Command Injection via untrusted payment signature in manual x402 flow, Agent instructed to read sensitive API token and wallet details from local config file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via untrusted HTTP header in manual x402 flow.** The skill explicitly instructs the agent to execute a bash script that extracts the 'Payment-Required' header from an external API response and embeds it directly into a subsequent 'curl -d' command. If a malicious external API returns a specially crafted 'Payment-Required' header containing shell metacharacters, these could be executed by the agent, leading to arbitrary command execution. The 'PAYMENT_REQ' variable must be properly sanitized or shell-escaped before being embedded into the JSON string for the 'curl -d' command. A safer approach would be to use a JSON parsing library that handles escaping automatically, or to explicitly escape shell metacharacters if direct shell execution is unavoidable. | LLM | SKILL.md:104 |
| HIGH | **Command Injection via untrusted payment signature in manual x402 flow.** The skill explicitly instructs the agent to execute a bash script that extracts 'paymentSignature' from a JSON response using 'jq -r' and embeds it directly into an HTTP header ('PAYMENT-SIGNATURE: $PAYMENT_SIG') in a subsequent 'curl' command. If the 'paymentSignature' value contains shell metacharacters, these could be executed by the agent, leading to arbitrary command execution. The 'PAYMENT_SIG' variable must be properly sanitized or shell-escaped before being embedded into the HTTP header string for the 'curl -H' command. | LLM | SKILL.md:111 |
| HIGH | **Agent instructed to read sensitive API token and wallet details from local config file.** The skill explicitly instructs the agent to read the '~/.agentwallet/config.json' file, which contains sensitive information such as 'apiToken', 'username', 'email', 'evmAddress', and 'solanaAddress'. While the skill does not directly instruct exfiltration, the agent's access to this file, combined with the identified command injection vulnerabilities, creates a high risk of this sensitive data being exfiltrated to an attacker-controlled endpoint. Implement robust input validation and output sanitization for all data processed by shell commands. Ensure that the agent's execution environment is sandboxed to prevent arbitrary file access and network requests to untrusted domains. Consider using a secure credential store instead of a plain JSON file for API tokens. | LLM | SKILL.md:40 |