Trust Assessment
The autonomous-agent skill received a trust score of 65/100, placing it in the Caution category: it has security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium and 0 low severity. The key findings are that the skill requires and handles sensitive API keys and tokens, handles sensitive bank-linking tokens, and processes personally identifiable information (email addresses).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest, at 18/100; all five findings below come from that layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs an automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill handles sensitive bank-linking tokens.** The `link_bank_account` tool is described as returning a `link_token`. Such tokens are typically used to initiate or manage connections to financial institutions and can be highly sensitive, potentially allowing access to bank account information or transactions; a malicious or compromised skill could exfiltrate the token, leading to severe financial loss. Recommendation: apply strict access controls and encryption to `link_token` handling, audit the skill's code for exfiltration paths, and consider keeping such tokens in a secure vault or tokenization service. | LLM | SKILL.md:58 |
| HIGH | **Skill requires and handles sensitive API keys/tokens.** The installation instructions explicitly require environment variables for `HUGGINGFACE_API_KEY` or `HF_TOKEN`, and wallet paths or private keys (`APTOS_WALLET_PATH`, `EVM_WALLET_PATH`, `EVM_PRIVATE_KEY`). These are highly sensitive credentials that the skill is designed to use for its operations (e.g., payments, inference), and a malicious or compromised skill could exfiltrate them. Recommendation: use robust credential management (a secrets manager, short-lived tokens), audit the skill's code for secure handling and non-exfiltration of these credentials, and scope each credential to only what the skill strictly needs. | LLM | SKILL.md:20 |
| HIGH | **Skill processes personally identifiable information (email).** The tools `get_agent_reputation_score_by_email` and `get_borrower_score_by_email` take an `email` address as an argument. Email addresses are PII: if the skill's code logs, stores or transmits them insecurely, or if the skill is compromised, user PII can be disclosed or exfiltrated. Recommendation: handle PII in compliance with privacy regulations (e.g., GDPR, CCPA), apply data minimization, encryption and access controls, and audit the skill's code to ensure email addresses are not logged or exfiltrated unnecessarily. | LLM | SKILL.md:61 |
| HIGH | **Skill requires direct access to wallet private keys/files.** The skill explicitly requires `APTOS_WALLET_PATH`, `EVM_WALLET_PATH` or `EVM_PRIVATE_KEY` for payments, implying direct filesystem access to wallet files or direct handling of private keys. A skill holding a private key can control the associated cryptocurrency assets, so a compromise of the skill can drain them. Recommendation: prefer transaction signing that never exposes the key to the skill (hardware wallets, secure enclaves, or an external signing service where the skill only requests a signature); if direct access is unavoidable, run the skill in a highly isolated environment with minimal privileges. | LLM | SKILL.md:22 |
| MEDIUM | **Skill relies on unverified npm dependencies.** The installation instructions include `npm install`, which downloads and executes code from potentially numerous third-party packages. Without the `package.json` and `package-lock.json` files the scanner cannot verify whether dependencies are pinned to specific versions, whether they contain known vulnerabilities, or whether any names are typosquats; a malicious dependency could compromise the entire skill and the host environment. Recommendation: provide `package.json` and `package-lock.json` for analysis, pin all dependencies to known-good versions, audit them regularly with `npm audit`, and run a dependency scanner in the CI/CD pipeline. | LLM | SKILL.md:17 |
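The critical and high findings above share one failure mode: a token, key or email address that the skill legitimately receives ends up in a log line, a tool result or an agent transcript where a compromised component can read it. The following is an added example (it is not SkillShield's code and not part of the autonomous-agent skill) of a redaction filter to run over every event before it is logged or handed back to the model. The key names it redacts and the value shapes it matches (the `hf_` prefix for Hugging Face tokens, a 32-byte hex string for an EVM private key) are assumptions about this skill's inputs, and the events it processes are constructed samples.

```javascript
// Added example (not SkillShield's or the autonomous-agent skill's code):
// redaction filter applied to every event before it is logged or returned
// to the model. Key names and value shapes are assumptions about this skill.

// Keys whose values are always redacted, whatever they contain.
const SENSITIVE_KEYS = new Set([
  "link_token", "access_token", "api_key", "hf_token", "huggingface_api_key",
  "evm_private_key", "private_key", "mnemonic", "authorization", "password",
]);

// Value shapes searched for inside every string. Tails keep the last four
// characters so an operator can correlate two log lines without the secret.
const PATTERNS = [
  // Hugging Face tokens are assumed to carry the "hf_" prefix
  { label: "hf_token", re: /\bhf_[A-Za-z0-9]{20,}\b/g, keepTail: true },
  // 32-byte hex string: an EVM private key, but also any 256-bit hash;
  // over-matching a transaction hash is the safer failure
  { label: "hex_secret", re: /\b0x[0-9a-fA-F]{64}\b/g, keepTail: true },
  { label: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, keepTail: false },
];

function redactString(s) {
  let out = s;
  for (const { label, re, keepTail } of PATTERNS) {
    out = out.replace(re, (m) => (keepTail ? `[REDACTED ${label} ...${m.slice(-4)}]` : `[REDACTED ${label}]`));
  }
  return out;
}

// Walks objects and arrays; sensitive keys are redacted by name, every
// string is scrubbed by shape. Returns a new value, the input is untouched.
function redact(value) {
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? `[REDACTED ${k}]` : redact(v);
    }
    return out;
  }
  return value;
}

// Serialises a redacted copy of an event for the log sink.
function safeLogLine(event) {
  return JSON.stringify(redact(event));
}

// Constructed sample events mirroring the tools named in the findings.
const SAMPLE_EVENTS = [
  { tool: "link_bank_account", result: { link_token: "link-sandbox-4c1e-demo-token", status: "ok" } },
  { tool: "get_borrower_score_by_email", args: { email: "alice@example.com" } },
  { msg: "loaded HF_TOKEN=hf_AbCdEfGhIjKlMnOpQrStUvWxYz0123 and EVM_PRIVATE_KEY=0x" + "ab".repeat(32) },
];

for (const e of SAMPLE_EVENTS) console.log(safeLogLine(e));
```

Redaction is a last line of defence, not a substitute for the finding's own recommendation: the skill should not hold `EVM_PRIVATE_KEY` at all if an external signer can produce the signature, and a `link_token` should go straight to the vault rather than through the agent's context. Note also that a 64-hex match will redact transaction hashes as well as keys; tune the patterns to the fields the skill actually emits.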
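For the medium finding, the check the scanner could not perform without `package.json` and `package-lock.json` is mechanical and can run as a pre-install gate. The following added example (not SkillShield's or the skill's code) flags any dependency whose version specifier is a range, tag or wildcard rather than an exact version, and any dependency absent from a lockfile v2/v3 `packages` map. The manifest and lockfile it ships with are constructed samples with assumed package names, not the skill's real files; pass real file paths as arguments to check them.

```javascript
// Added example (not SkillShield's or the skill's own code): pre-install
// dependency pinning check. Flags version ranges/tags/wildcards and entries
// missing from a lockfile v2/v3 "packages" map.

// An exact semver pin: MAJOR.MINOR.PATCH with optional prerelease/build.
// Anything else (^, ~, >=, *, "latest", URLs, git refs) is unpinned.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT_VERSION.test(String(spec).trim());
}

// Returns one finding per violation; an empty array means the manifest passes.
function checkDependencies(pkg, lock) {
  const findings = [];
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  // lockfile v2/v3 keys top-level packages as "node_modules/<name>"
  const locked = lock && lock.packages ? lock.packages : null;
  if (!locked) {
    findings.push({ section: "*", name: "*", spec: "*", reason: "no package-lock.json with a packages map" });
  }
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!isPinned(spec)) {
        findings.push({ section, name, spec, reason: "unpinned version specifier" });
      }
      if (locked && !(`node_modules/${name}` in locked)) {
        findings.push({ section, name, spec, reason: "missing from package-lock.json" });
      }
    }
  }
  return findings;
}

// Constructed sample manifest and lockfile; package names are assumed for
// illustration and are not taken from the skill's actual files.
const SAMPLE_PKG = {
  name: "autonomous-agent",
  dependencies: { "@huggingface/inference": "3.1.4", viem: "^2.0.0", aptos: "latest" },
  devDependencies: { typescript: "~5.4.0" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "autonomous-agent" },
    "node_modules/@huggingface/inference": { version: "3.1.4" },
    "node_modules/viem": { version: "2.9.2" },
    "node_modules/typescript": { version: "5.4.5" },
  },
};

// Usage: node check-deps.js [package.json [package-lock.json]]; with no
// arguments the constructed samples are checked. Returns the finding count.
function main(argv) {
  let pkg = SAMPLE_PKG;
  let lock = SAMPLE_LOCK;
  if (argv[0] && typeof require === "function") {
    const fs = require("fs");
    pkg = JSON.parse(fs.readFileSync(argv[0], "utf8"));
    lock = argv[1] ? JSON.parse(fs.readFileSync(argv[1], "utf8")) : null;
  }
  const findings = checkDependencies(pkg, lock);
  for (const f of findings) console.log(`${f.section}/${f.name} (${f.spec}): ${f.reason}`);
  console.log(findings.length ? `FAIL: ${findings.length} finding(s)` : "PASS");
  return findings.length;
}

main(process.argv.slice(2));
```

On the constructed sample this reports `viem`, `aptos` and `typescript` as unpinned and `aptos` as absent from the lockfile. A dependency present in `package.json` but missing from the lock is exactly the case where `npm install` resolves a fresh version at install time; installing with `npm ci` instead makes the lockfile authoritative and fails on such a mismatch. The check says nothing about known vulnerabilities or typosquats, which still need `npm audit` and a registry-aware scanner as the finding recommends.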
Full report: https://skillshield.io/report/7ed131d01da88a8b (powered by SkillShield)