Trust Assessment
base-signal-feed received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Hardcoded absolute paths to user home directory for data and execution, Unvalidated user input in external API calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hardcoded absolute paths to user home directory for data and execution The skill uses hardcoded absolute paths like `/home/linuxuser/.openclaw/workspace/tools/trading/` for storing data files (`smart-money-alerts.json`, `new-pairs.json`) and executing auxiliary scripts (`smart-money-tracker.js`, `pair-scanner.js`). This design implies that the skill runs with read/write/execute permissions within a specific user's home directory. This is an excessive permission as it grants the skill broad access to a potentially sensitive area of the filesystem. If the skill is compromised, an attacker could leverage this access to read or modify other files within `/home/linuxuser/`, leading to data exfiltration or further system compromise. A more secure approach would be to use paths relative to the skill's own installation directory or a dedicated, isolated data directory. Modify the skill to use paths relative to its own installation directory (e.g., `path.join(__dirname, 'data', 'alerts.json')`) or a dedicated, isolated data directory provided by the execution environment. Ensure the skill runs with the principle of least privilege, only accessing directories and files strictly necessary for its operation. | LLM | scripts/signal-api.js:15 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/erdgeclaw/base-signal-feed/scripts/signal-api.js:142 | |
| MEDIUM | Unvalidated user input in external API calls The `getTokenInfo` and `checkSafety` functions construct API URLs using `tokenAddress` (e.g., `https://api.dexscreener.com/latest/dex/search?q=${tokenAddress}`). If `tokenAddress` originates from unvalidated user input, an attacker could inject arbitrary strings into the URL. While `fetch` prevents command injection, this could lead to: Denial of Service against the external APIs by sending malformed or excessively long queries; Information leakage if the external APIs respond differently to various malformed inputs, allowing an attacker to probe their infrastructure; Resource exhaustion within the skill if processing very long `tokenAddress` strings. The provided code snippet does not show explicit validation for `tokenAddress` before it's used in these external calls. Implement strict validation for `tokenAddress` to ensure it is a valid blockchain address (e.g., using `ethers.utils.isAddress()`) before using it in external API calls. | LLM | scripts/signal-api.js:90 |
Scan History
Embed Code
[](https://skillshield.io/report/95b5e13b37a89052)
Powered by SkillShield