Trust Assessment
alpha-finder received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium and 0 low severity. Key findings: an unpinned `npx` dependency that allows arbitrary code execution, a private key exposed to that same unpinned dependency, and access to the sensitive environment variable `$HOME`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Detail | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Unpinned `npx` dependency allows arbitrary code execution | `scripts/analyze.sh` runs `npx -y @itzannetos/x402-tools-claude alpha-finder "$QUERY"` to execute the core logic. `-y` auto-confirms the install and the package is not pinned to a version, so if a malicious update is published to npm the skill downloads and executes it on the next run with no user review. That is arbitrary code execution on the host and full compromise of whatever account runs the skill. | Pin the dependency to a known-good version (e.g. `npx -y @itzannetos/x402-tools-claude@1.2.3 alpha-finder "$QUERY"`, where `1.2.3` stands for the vetted release) and bump it only after reviewing the new release. Note that a pinned tag is still resolved from the registry at run time; a committed lockfile with integrity hashes consumed by `npm ci` is the stronger control. | LLM | scripts/analyze.sh:39 |
| CRITICAL | Private key exposed to unpinned external dependency | The script reads a sensitive `private_key` from a configuration file or environment variable and exports it as `X402_PRIVATE_KEY`. The variable is inherited by the `npx` process and therefore by the `@itzannetos/x402-tools-claude` package it runs. Because the dependency is unpinned (previous finding), a malicious package version could exfiltrate the key, compromising the associated cryptocurrency wallet and causing direct financial loss. | Pin and vet the dependency. Check whether the package can accept the key over stdin or from a file with restricted permissions instead of the environment; if the environment variable is unavoidable, set it only for that one command rather than exporting it to the whole shell, and keep the key file at mode 0600. | LLM | scripts/analyze.sh:24 |
| HIGH | User query passed directly as argument to external `npx` command | The user query is captured with `QUERY="$*"` and passed as `npx -y @itzannetos/x402-tools-claude alpha-finder "$QUERY"`. The double quotes prevent word splitting and globbing, so `analyze.sh` itself does not inject into a shell; the exposure is inside `alpha-finder`, which could hand the argument to `eval` or a `subprocess.run(..., shell=True)` call. A compromised package version could introduce exactly that, so the unpinned dependency amplifies this finding. | Pin and audit the package's argument handling. Where possible pass the query over stdin or a temporary file rather than argv, and validate `QUERY` in the wrapper (bounded length, printable characters only, reject a leading `-` so it cannot be read as an option). | LLM | scripts/analyze.sh:39 |
| MEDIUM | Sensitive environment variable access: `$HOME` | `$HOME` is read in shell context at the reported line. | Verify the access is necessary and that the value is not exfiltrated. | Static | skills/tzannetosgiannis/alpha-finder/scripts/analyze.sh:19 |
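The three LLM-layer findings above share one fix surface, the wrapper script. The following is an added example of a hardened wrapper written for this report; it is not the alpha-finder skill's own `analyze.sh` and not code from the package author. It assumes (hypothetically) that `1.2.3` is a vetted release, that the key is stored at `$HOME/.x402/private_key`, and, as the finding states, that the tool reads the key from `X402_PRIVATE_KEY`. It pins the package, refuses queries that could be parsed as options or carry control characters, refuses a key file that is not mode 0600, and sets the secret in the environment of the single `npx` process instead of exporting it shell-wide.

```shell
#!/bin/sh
# Added example, not the alpha-finder skill's own analyze.sh: a wrapper that
# applies the remediations from the findings above.
# Assumptions (hypothetical, not from the report): version 1.2.3 is a vetted
# release, the key lives in $HOME/.x402/private_key, and the tool reads it
# from X402_PRIVATE_KEY as the finding states.
set -eu

PKG="@itzannetos/x402-tools-claude"
PKG_VERSION="1.2.3"   # pinned; bump only after reviewing the new release

# validate_query QUERY -> 0 if acceptable, 1 otherwise.
# Rejects empty input, anything that would be parsed as an option (leading
# "-"), over-long input and non-printable characters (newlines and other
# control bytes) before the string reaches the external tool.
validate_query() {
    q="$1"
    [ -n "$q" ] || return 1
    [ "${#q}" -le 200 ] || return 1
    case "$q" in
        -*) return 1 ;;
        *[![:print:]]*) return 1 ;;
    esac
    return 0
}

# load_key FILE -> prints the key on stdout; fails unless FILE exists and is
# mode 0600, so a group- or world-readable key is refused rather than used.
# (stat -c is GNU, stat -f is BSD/macOS; try one, then the other.)
load_key() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    [ "$mode" = "600" ] || return 1
    cat "$f"
}

# run_alpha_finder QUERY KEYFILE -> runs the pinned package with the secret set
# only in that one process's environment, never exported to the whole shell.
run_alpha_finder() {
    query="$1"
    keyfile="$2"
    validate_query "$query" || { echo "rejected query" >&2; return 2; }
    key=$(load_key "$keyfile") || { echo "key file missing or too permissive: $keyfile" >&2; return 3; }
    X402_PRIVATE_KEY="$key" npx -y "${PKG}@${PKG_VERSION}" alpha-finder "$query"
}

# Entry point: ./wrapper.sh <query words>. With no arguments nothing runs, so
# the functions above can be sourced or tested without invoking npx.
if [ "$#" -gt 0 ]; then
    run_alpha_finder "$*" "${HOME}/.x402/private_key"
fi
```

Two residual risks remain by design: the package still sees the key once it runs, so the only real mitigation for the second finding is vetting the pinned release, and a pinned version tag is still fetched from the registry at run time, so a committed lockfile with integrity hashes installed via `npm ci` is the stronger supply-chain control.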
Full report: https://skillshield.io/report/c65cdb6c7698d99c