Trust Assessment
binance-dca received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Script Execution, Data Exfiltration Risk of API Keys via Command Injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via Shell Script Execution The skill's interface, as described in `SKILL.md`, involves executing a bash script (`scripts/dca.sh`) with arguments derived from user input. This pattern is highly susceptible to command injection if user-provided arguments (e.g., SYMBOL, AMOUNT, PRICE) are not rigorously sanitized and properly escaped before being passed to the shell. A malicious user could inject arbitrary shell commands, leading to unauthorized actions, data exfiltration, or system compromise. The LLM agent, when interacting with this skill, would be responsible for constructing these shell commands, making robust input sanitization crucial. Implement robust input validation and sanitization for all arguments passed to `scripts/dca.sh`. Ensure that arguments are properly quoted and escaped when constructing the shell command. Consider using a safer method for executing external processes that avoids direct shell interpretation of user input, or ensure the underlying script itself handles arguments securely. The LLM agent should also be explicitly instructed to sanitize user input before constructing these commands. | LLM | SKILL.md:29 | |
| HIGH | Data Exfiltration Risk of API Keys via Command Injection The skill's documentation shows that `BINANCE_API_KEY` and `BINANCE_SECRET_KEY` are passed as environment variables to the `dca.sh` script (e.g., in cron job examples). If a command injection vulnerability exists in `dca.sh` (as indicated by the direct shell execution pattern), an attacker could exploit it to exfiltrate these sensitive API keys. This would grant them full access to the associated Binance account for trading and other operations, leading to significant financial loss. Address the underlying command injection vulnerability. Additionally, review the method of passing credentials to external scripts. While environment variables are generally preferred over hardcoding, ensure that the execution environment is secure and that the script itself cannot be tricked into leaking these variables. Implement strict monitoring for API key usage and consider using API keys with the most restrictive permissions necessary for the skill's functionality. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/cf820777cb5312bb)
Powered by SkillShield