Trust Assessment
autonomous-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Installation Instructions, Handling of Sensitive Credentials and PII, and Excessive Permissions via Direct Wallet Management Tools.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Installation Instructions: The skill's documentation (`SKILL.md`) contains direct shell commands for installation and execution, such as `git clone`, `npm install`, `npx`, and `npm run`. If an LLM agent is tasked with setting up or running this skill and blindly executes these commands, it could lead to arbitrary code execution. The `npm install` command, in particular, can introduce supply chain risks by downloading and executing code from potentially untrusted or compromised npm packages. LLM agents should execute installation and runtime commands in a highly sandboxed environment with strict egress filtering, resource limits, and a human-in-the-loop approval process. Developers should ensure all dependencies are pinned and from trusted sources. The skill's `package.json` and `package-lock.json` should be thoroughly reviewed for suspicious packages or unpinned dependencies. | LLM | SKILL.md:12 |
| HIGH | Handling of Sensitive Credentials and PII: The skill explicitly requires highly sensitive credentials and personally identifiable information (PII). Environment variables like `HUGGINGFACE_API_KEY`, `HF_TOKEN`, `APTOS_WALLET_PATH`, `EVM_WALLET_PATH`, and `EVM_PRIVATE_KEY` are necessary for the skill's operation. Additionally, the skill offers tools that process user emails (`get_agent_reputation_score_by_email`, `get_borrower_score_by_email`). While the `SKILL.md` itself does not exfiltrate data, it clearly indicates that the skill will handle these sensitive pieces of information, posing a significant risk of credential harvesting or data exfiltration if the underlying skill code is malicious or vulnerable. Thoroughly audit the skill's source code for secure handling of all credentials and PII. Implement robust access controls and ensure secrets are never logged, exposed, or transmitted insecurely. Consider using a secure secrets management system instead of direct environment variables. For PII, ensure strict compliance with data protection regulations (e.g., GDPR, CCPA) and implement data minimization principles. | LLM | SKILL.md:17 |
| HIGH | Excessive Permissions via Direct Wallet Management Tools: The skill exposes a suite of tools for direct cryptocurrency wallet management, including `create_aptos_wallet`, `create_evm_wallet`, `credit_aptos_wallet`, `fund_evm_wallet`, `balance_aptos`, and `balance_evm`. These are high-privilege operations that, if misused by an autonomous agent or a malicious skill, could lead to unauthorized wallet creation, funding, or significant financial loss through uncontrolled transactions. The `SKILL.md` clearly documents these powerful capabilities. Implement strict human-in-the-loop approval for any financial transactions or wallet modifications initiated by the agent. Ensure robust access control mechanisms are in place for these tools, granting access only when absolutely necessary. Agents should operate with the principle of least privilege. Consider implementing rate limiting, spending caps, and multi-factor authentication for critical financial operations. | LLM | SKILL.md:45 |