Trust Assessment
arc-security received a trust score of 15/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 1 critical, 4 high, 5 medium, and 0 low severity. Key findings include Missing required field: name, Suspicious import: requests, Potential data exfiltration: file read + network send.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct Use of Private Key from Environment Variable The skill directly loads a blockchain private key from the `PRIVATE_KEY` environment variable and uses it for signing transactions. While necessary for the skill's functionality, storing and directly accessing a private key in this manner exposes it to significant risk. If the skill's execution environment is compromised, or if the skill itself contains malicious code (which is the premise of this analysis), the private key could be easily exfiltrated, leading to complete loss of control over the associated blockchain account. Implement more secure key management practices. Consider using a Key Management Service (KMS), hardware security module (HSM), or requiring user interaction for transaction signing (e.g., via a wallet connector) instead of directly exposing the raw private key to the skill's runtime environment. If direct access is unavoidable, ensure the environment is isolated and hardened to the highest possible security standards. | LLM | arc_contract.py:10 | |
| HIGH | Potential data exfiltration: file read + network send Function 'request_skill' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/shaivpidadi/arc-security/x402_client.py:170 | |
| HIGH | Unpinned or Broadly Pinned Dependencies The skill's dependencies are specified with broad version ranges (e.g., `>=` or `^`) in both `requirements.txt` and `skill.json`. This practice can lead to unexpected behavior, compatibility issues, or the introduction of vulnerabilities if a new, unvetted version of a dependency is released and automatically pulled into the project. It increases the supply chain risk. Pin dependencies to exact versions (e.g., `web3==6.0.0`) or use a lock file mechanism. Regularly audit and update dependencies after careful review. | LLM | requirements.txt:1 | |
| HIGH | Unpinned or Broadly Pinned Dependencies The skill's dependencies are specified with broad version ranges (e.g., `>=` or `^`) in both `requirements.txt` and `skill.json`. This practice can lead to unexpected behavior, compatibility issues, or the introduction of vulnerabilities if a new, unvetted version of a dependency is released and automatically pulled into the project. It increases the supply chain risk. Pin dependencies to exact versions (e.g., `web3: "6.0.0"`) or use a lock file mechanism. Regularly audit and update dependencies after careful review. | LLM | skill.json:10 | |
| HIGH | Unsanitized User Input in URL Construction (SSRF/Data Exfiltration Risk) The `request_skill` method in `x402_client.py` constructs a URL using `self.server_url` (from an environment variable) and `skill_id` (which is user-controlled input from `argparse`). If `skill_id` is not properly sanitized, a malicious user could inject path traversal sequences (e.g., `../`), URL parameters (`?param=value`), or other special characters to manipulate the request. This could lead to Server-Side Request Forgery (SSRF) against internal services or data exfiltration if the `X402_SERVER_URL` is controlled by an attacker and crafted `skill_id` values are used to leak information. Sanitize the `skill_id` input before using it in URL construction. Ensure that `skill_id` only contains allowed characters (e.g., alphanumeric, hyphens) and does not contain path separators, query string delimiters, or other special characters that could alter the intended URL path or parameters. A whitelist approach for allowed characters is recommended. | LLM | x402_client.py:40 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/shaivpidadi/arc-security/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/shaivpidadi/arc-security/x402_client.py:10 | |
| MEDIUM | Unpinned Python dependency version Requirement 'web3>=6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shaivpidadi/arc-security/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shaivpidadi/arc-security/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shaivpidadi/arc-security/requirements.txt:3 |
Scan History
Embed Code
[](https://skillshield.io/report/1b9b1294d394a748)
Powered by SkillShield