Trust Assessment
amped-defi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 2 critical, 4 high, 8 medium, and 2 low severity. Key findings include Unsafe deserialization / dynamic eval, Hidden network beacons / undisclosed telemetry, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 6/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings16
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Hardcoded Private Key in Test Setup The test setup file `dist/__tests__/setup.js` directly assigns a hardcoded private key to `process.env.AMPED_OC_WALLETS_JSON`. While this occurs in a test environment, it demonstrates an insecure pattern of handling private keys as plaintext strings in environment variables. This practice, if replicated in production or if test environments are compromised, poses a severe credential harvesting risk. Never hardcode sensitive credentials like private keys, even in test files. Use secure methods for managing test credentials, such as encrypted fixtures or a dedicated test key management system that does not expose raw keys. | LLM | dist/__tests__/setup.js:14 | |
| CRITICAL | Private Key Storage in Filesystem Configuration File The `amped_add_wallet` tool allows users to provide a `privateKey` directly as a parameter when the `source` is set to `env`. This private key is then stored in a configuration file on the filesystem (e.g., `~/.openclaw/extensions/amped-defi/wallets.json` as indicated by comments in `dist/tools/walletManagement.js` and `dist/wallet/backendConfig.js`). Storing private keys in a plaintext or easily accessible configuration file on the filesystem is a significant security risk, as it makes them vulnerable to exfiltration by other processes or attackers gaining local access to the agent's environment. Avoid storing private keys directly in filesystem configuration files. Implement a secure key management solution that encrypts private keys at rest and decrypts them only when needed, using strong access controls. Alternatively, integrate with external secure wallet services or hardware security modules (HSMs). | LLM | dist/tools/walletManagement.js:100 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/tools/swap.js:4 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/tools/swap.js:721 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/ampedfinance/amped-defi-publish/dist/wallet/providers/chainConfig.js:129 | |
| HIGH | API Keys Stored in Environment Variables The skill retrieves sensitive API keys, specifically `BANKR_API_KEY` and `SODAX_API_KEY`, directly from `process.env` in `dist/providers/spokeProviderFactory.js` and `dist/utils/sodaxApi.js`. While this is a common practice, storing API keys in environment variables makes them susceptible to leakage if the environment is compromised, if child processes inherit them and expose them, or if the `process.env` object is inadvertently logged or serialized. For highly sensitive API keys, consider more secure storage mechanisms than plain environment variables, such as a dedicated secrets management service (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) or encrypted configuration files with strict access controls. Ensure that environment variables are never logged or exposed in error messages or tool outputs. | LLM | dist/providers/spokeProviderFactory.js:160 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/sodax/client.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/tools/portfolio.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/utils/errors.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/utils/errors.js:300 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/utils/sodaxApi.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/utils/tokenResolver.js:95 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ampedfinance/amped-defi-publish/dist/wallet/types.js:124 | |
| MEDIUM | Unpinned npm dependency version Dependency '@sinclair/typebox' is not pinned to an exact version ('^0.32.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/ampedfinance/amped-defi-publish/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/ampedfinance/amped-defi-publish/package.json | |
| LOW | Suppressed Console Output During SDK Initialization The `initializeSodax` function in `dist/sodax/client.js` temporarily suppresses `console.warn` and `console.log` during the SODAX SDK initialization process. While intended to reduce noise, this practice can hide important warnings or errors that might indicate underlying issues, including potential misconfigurations or security-relevant events, thereby reducing transparency and debuggability. Avoid suppressing console output, especially warnings, during critical initialization phases. Instead, configure logging levels to filter less important messages or redirect them to a specific log file, ensuring that all warnings and errors are captured and reviewable. | LLM | dist/sodax/client.js:30 |
Scan History
Embed Code
[](https://skillshield.io/report/64615a63e67dbb5e)
Powered by SkillShield