Trust Assessment
binance-hunter received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 5 findings: 0 critical, 0 high, 2 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Potential Command Injection via Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned npm dependency version Dependency 'ccxt' is not pinned to an exact version ('^4.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/tetravad/binance-hunter/package.json | |
| MEDIUM | Potential Command Injection via Shell Execution The skill's documentation (`SKILL.md`) demonstrates the construction and execution of shell commands using `curl` and `openssl`. These commands incorporate variables such as `$QUERY`, `$SECRET`, and `$API_KEY`. While the examples show double-quoting, if the skill's actual implementation (implied by the `metadata.requires.bins` entry for `curl`, `jq`, `python3`) constructs these commands with user-controlled input for any of these variables without robust sanitization or escaping, it could lead to arbitrary command execution. For instance, if `$API_KEY` or `$SECRET` could be manipulated to contain shell metacharacters (e.g., `"; evil_command #"`) or command substitutions (e.g., `$(evil_command)`), it could break out of the quoted string and execute arbitrary commands. This is a common vulnerability pattern in skills that wrap shell commands. Ensure all variables interpolated into shell commands are rigorously sanitized and properly escaped (e.g., using `shlex.quote` in Python) to prevent shell metacharacters from being interpreted as commands. Avoid direct shell execution with user-controlled input where possible, preferring library calls. | LLM | SKILL.md:57 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/tetravad/binance-hunter/package.json | |
| LOW | Unpinned Dependencies in package.json The `package.json` file specifies Python dependencies (`ccxt`, `pandas`, `ta`) using caret (`^`) version ranges. This allows for automatic updates to new minor or patch versions. While convenient, this practice can introduce supply chain risks if a new version of a dependency contains a vulnerability or breaking change. Pinning to exact versions (e.g., `==4.0.0`) or using tilde ranges (`~=4.0.0`) would provide more stability and security by preventing unexpected updates. Pin dependencies to exact versions (e.g., `"ccxt": "4.0.0"`) or use tilde ranges (e.g., `"ccxt": "~4.0.0"`) to ensure consistent and secure builds. Regularly audit and update dependencies. | LLM | package.json:4 | |
| INFO | Referral ID as Hidden Instruction/Manipulation The `SKILL.md` (which is untrusted content) explicitly includes a referral ID (`GRO_28502_YLP17`) and a link to create an account using that referral ID. This is an attempt to influence the user's (or potentially the LLM's) behavior to benefit the skill author financially. While not a direct security exploit, it represents an instruction embedded in untrusted content that aims to manipulate actions, aligning with the spirit of prompt injection or hidden instructions, albeit at a lower severity. Ensure that any promotional or manipulative content is clearly separated from core skill functionality and is not presented in a way that could mislead or unduly influence the LLM or user. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/03fc03b93c292622)
Powered by SkillShield