Trust Assessment
batch-swap received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name" and "Excessive filesystem access permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive filesystem access permissions. The skill 'batch-swap' declares 'Read', 'Glob', and 'Grep' permissions in its manifest. These tools allow the skill to read arbitrary files, list directory contents, and search file contents on the host system. For a skill whose stated purpose is 'Execute multiple token swaps', these permissions are overly broad and not directly related to its core functionality. This creates a significant risk of data exfiltration if the skill is compromised via prompt injection or other means, allowing an attacker to read sensitive files. Remove 'Read', 'Glob', and 'Grep' from the 'allowed-tools' list in the skill's manifest. Only grant permissions that are strictly necessary for the skill's intended operation (e.g., 'Task(subagent_type:trade-executor)', 'mcp__uniswap__check_safety_status', 'mcp__uniswap__get_agent_balance'). | LLM | SKILL.md |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/wpank/batch-swap/SKILL.md:1 |