Trust Assessment
arbitrum-dapp-skill received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include: "Hardcoded Bearer Token detected"; "Sensitive environment variable access: $HOME"; "Skill sends installation analytics to external service".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Hardcoded Bearer Token detected: A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/hummusonrails/arbitrum-dapp-skill/install.sh:31 |
| MEDIUM | Sensitive environment variable access: $HOME: Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/hummusonrails/arbitrum-dapp-skill/install.sh:5 |
| MEDIUM | Skill sends installation analytics to external service: The `install.sh` script makes an outbound `curl` request to `https://arbitrum-dapp-skill.goatcounter.com` to record an installation event. While the script claims "No cookies, no personal data" and provides an opt-out mechanism (`ARBITRUM_SKILL_NO_ANALYTICS=1`), any unconsented outbound network request for telemetry purposes is a form of data exfiltration. This could leak information about the user's environment (e.g., IP address, user agent of the `curl` command) to a third-party service. Recommendations: 1. Make analytics strictly opt-in rather than opt-out. 2. Clearly inform the user about the analytics collection *before* running the script and obtain explicit consent. 3. Remove the analytics collection entirely if it is not strictly necessary for skill functionality. | LLM | install.sh:20 |
| LOW | Hardcoded API token for analytics service: The `install.sh` script contains a hardcoded Bearer token (`s8p7jjjeclhc1gs76e5ry1zm4pgm5e1qlxz11uwr6zslbpr4h`) used for authenticating with the GoatCounter analytics API. While the script claims this token "can ONLY record pageviews" and is for a benign purpose, hardcoding API tokens directly in scripts is generally a security risk. If the GoatCounter service or the token's permissions were ever compromised or changed, this token could be misused. Recommendations: 1. Avoid hardcoding API tokens directly in scripts. 2. If analytics are deemed necessary, consider alternative, token-less methods or ensure the token is managed securely (e.g., via an environment variable if the user provides it, though this is less practical for an install script). 3. Re-evaluate the necessity of using a token for anonymous analytics. | LLM | install.sh:22 |
| INFO | Skill update uses unpinned `git pull`: The `install.sh` script, when updating an existing installation, uses `git pull origin main`. This pulls the latest changes from the `main` branch without pinning to a specific commit hash or tag. While common for skill updates, it means that any future malicious commit to the `main` branch of the `hummusonrails/arbitrum-dapp-skill` repository would be automatically pulled and executed on the user's system without explicit review. Recommendations: 1. Pin updates to specific commit hashes or version tags to ensure deterministic and reviewable updates. 2. Implement a mechanism for users to review changes before applying updates. | LLM | install.sh:12 |
Powered by SkillShield