Trust Assessment
autonomous-agent received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependencies via npm install, Exposure of Sensitive Credentials via Environment Variables, Handling of Highly Sensitive Financial and Personal Data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Dependencies via npm install: The skill instructs users to run `npm install` without specifying a `package-lock.json` or `yarn.lock` file, or using `npm ci`. This allows `npm` to resolve and install the latest versions of dependencies, which could introduce vulnerable or malicious packages if a dependency is compromised or updated unexpectedly. This is a significant supply chain risk, as a malicious package could then exfiltrate credentials or sensitive data, or execute arbitrary code. Recommendation: Ensure `package-lock.json` or `yarn.lock` is present and committed to the repository to guarantee deterministic dependency resolution. Instruct users to use `npm ci` for installation in production or CI/CD environments. Regularly audit dependencies for known vulnerabilities. | LLM | SKILL.md:13 |
| HIGH | Exposure of Sensitive Credentials via Environment Variables: The skill explicitly instructs the user to configure highly sensitive credentials as environment variables, including `HUGGINGFACE_API_KEY` or `HF_TOKEN`, `APTOS_WALLET_PATH`, `EVM_WALLET_PATH`, and `EVM_PRIVATE_KEY`. These credentials grant access to LLM services and cryptocurrency wallets, enabling financial transactions and data access. Combined with the `npm install` supply chain risk, a compromised dependency could easily read and exfiltrate these environment variables or the files they point to (e.g., wallet private keys). Recommendation: Implement robust secrets management practices. Avoid storing sensitive credentials directly in `.env` files, especially for production. Consider using secure secret stores, environment-specific injection mechanisms, or cloud-native secret management services. Ensure the agent's code and its dependencies are thoroughly audited for credential access and exfiltration vectors. Implement least privilege access for API keys and wallet files. | LLM | SKILL.md:19 |
| MEDIUM | Handling of Highly Sensitive Financial and Personal Data: The skill's functionality includes 'bank linking' (handling 'CornerStone/Plaid bank link token') and retrieving 'Borrower score' (which can involve PII and financial data). This means the agent is designed to process and potentially store highly sensitive financial and personal information. While the skill itself doesn't exfiltrate data, the explicit handling of such data, combined with the supply chain risk from `npm install`, creates a high-impact target for data exfiltration if the agent's code or its dependencies are compromised. Recommendation: Implement strict data handling policies, including encryption for data at rest and in transit. Ensure compliance with relevant data privacy regulations (e.g., GDPR, CCPA, PCI DSS). Conduct regular security audits and penetration testing on the agent's code and infrastructure to identify and mitigate potential data exfiltration vulnerabilities. Minimize the scope of data collected and retained to only what is strictly necessary. | LLM | SKILL.md:45 |
Full report: https://skillshield.io/report/c2f72775631ea8f2