Trust Assessment
amped-defi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 1 critical, 4 high, 9 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Hidden network beacons / undisclosed telemetry, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 6/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Hardcoded Private Key in Test Configuration: A private key (`0xabc123def456`) is hardcoded in the test setup file `dist/__tests__/setup.js`. If the `dist` directory, including test files, is deployed to a production environment, this private key would be directly exposed, leading to immediate compromise of any associated wallet. This is a critical security vulnerability. Remediation: Remove all hardcoded sensitive credentials from test files. Use secure environment variables or a secrets management system for test credentials, or ensure test files are never deployed to production. | LLM | dist/__tests__/setup.js:14 |
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/tools/swap.js:4 |
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/tools/swap.js:721 |
| HIGH | Hidden network beacons / undisclosed telemetry: DNS query with variable subdomain (DNS exfiltration). Remediation: Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/wallet/providers/chainConfig.js:129 |
| HIGH | Skill Stores User-Provided Private Keys: The `amped_add_wallet` tool (defined in `dist/tools/walletManagement.js`) allows users to provide a `privateKey` via the `env` source, which the skill explicitly states 'Will be stored in config file.' (e.g., `~/.openclaw/extensions/amped-defi/wallets.json`). Storing private keys in a local file, even with a warning, creates a significant attack surface. If the file permissions are not strictly controlled or if the system running the skill is compromised, these private keys can be exfiltrated, leading to financial loss. Remediation: Avoid storing user-provided private keys directly in files. Instead, integrate with secure wallet providers (such as hardware wallets, secure enclaves, or external key management services) or prompt the user for the private key only when needed for signing, without persisting it. If local storage is unavoidable, ensure strong encryption and strict file permissions are enforced. | LLM | dist/tools/walletManagement.js:40 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/sodax/client.js:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/tools/portfolio.js:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/utils/errors.js:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/utils/errors.js:300 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/utils/sodaxApi.js:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/utils/tokenResolver.js:95 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-plugin/dist/wallet/types.js:124 |
| MEDIUM | Unpinned npm dependency version: Dependency '@sinclair/typebox' is not pinned to an exact version ('^0.32.0'). Remediation: Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/ampedfinance/amped-defi-plugin/package.json |
| MEDIUM | Use of Beta Software in Critical DeFi Components: The core SODAX SDK dependencies (`@sodax/sdk`, `@sodax/types`, `@sodax/wallet-sdk-core`) are specified as `1.1.0-beta-rc2` in `package.json`. Using pre-release (beta) software in a DeFi application introduces a higher risk of undiscovered bugs, vulnerabilities, or unstable behavior, which could lead to financial losses or operational issues. While pinned, the version itself indicates a lack of production readiness. Remediation: Prioritize stable, production-ready versions of critical dependencies, especially in financial applications. Thoroughly audit and test any beta software before deployment, and understand the associated risks. | LLM | package.json:29 |
Full report: https://skillshield.io/report/17101c42bc17f3db