Trust Assessment
BaseMail received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 0 high, 5 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Arbitrary file read via --wallet argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/daaab/basemail/scripts/crypto-utils.js:3 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/daaab/basemail/scripts/setup.js:42 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/daaab/basemail/scripts/setup.js:76 | |
| MEDIUM | Unpinned npm dependency version Dependency 'ethers' is not pinned to an exact version ('^6.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/daaab/basemail/package.json | |
| MEDIUM | Arbitrary file read via --wallet argument The `scripts/register.js` script allows specifying an arbitrary file path for a private key using the `--wallet` command-line argument. If an attacker can control this argument (e.g., through prompt injection into the AI agent that invokes this skill), they could potentially make the skill read any file on the system that the Node.js process has read permissions for, leading to data exfiltration. Restrict the `--wallet` argument to only accept paths within the skill's designated secure configuration directory (e.g., `~/.basemail/`) or remove the argument entirely, relying on environment variables or the managed wallet. Implement strict input validation to prevent directory traversal attacks (e.g., `../`). | LLM | scripts/register.js:60 | |
| LOW | `ethers` dependency is not strictly pinned The `package.json` specifies `ethers: "^6.0.0"`. While `package-lock.json` provides a specific version, the caret (`^`) range allows for minor version updates (`6.x.x`) which could introduce breaking changes or, in a worst-case scenario, vulnerabilities if a malicious update is published within the allowed range. For security-critical libraries, strict pinning to exact versions is often preferred. Pin the `ethers` dependency to an exact version (e.g., `"ethers": "6.16.0"`) or use a tilde range (e.g., `"~6.16.0"`) to only allow patch updates. Regularly audit and update dependencies. | LLM | package.json:9 | |
| INFO | Option for plaintext private key storage The `scripts/setup.js` script provides an option (`--no-encrypt`) to store the generated private key in plaintext on the filesystem (`~/.basemail/private-key`). While the skill explicitly warns the user about this being less secure, it presents a potential risk if chosen in an insecure environment or by an uninformed user. Strongly discourage or remove the plaintext storage option. If retained, ensure warnings are prominent and consider adding a more robust confirmation step. Prioritize encrypted storage or environment variables. | LLM | scripts/setup.js:160 |
Scan History
Embed Code
[](https://skillshield.io/report/336c7b7493f012d5)
Powered by SkillShield