Trust Assessment
bnbchain-erc8004-agent received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The one finding is "Weak default password in example code".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Weak default password in example code. The example Python code for setting up the wallet uses `os.getenv` to retrieve a wallet password, providing a hardcoded default value 'default-secure-password'. While the skill's 'Security Note' advises setting the `WALLET_PASSWORD` environment variable, users might copy this example directly without overriding the default, leading to a weak and predictable password for their agent's wallet. This could compromise the agent's on-chain identity if the default password is used. Recommendation: Remove the hardcoded default password from the example, forcing users to explicitly set the `WALLET_PASSWORD` environment variable or provide it interactively. For instance, change `os.getenv("WALLET_PASSWORD", "default-secure-password")` to `os.getenv("WALLET_PASSWORD")` and add a check to ensure the variable is set, or use a more secure method for password input in examples (e.g., `getpass`). | LLM | SKILL.md:44 |