Trust Assessment
bnbchain-mcp received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Unpinned external dependency `bnbchain-mcp`, Skill exposes broad capabilities of external dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned external dependency `bnbchain-mcp` The skill relies on an external package `bnbchain-mcp` which is invoked via `uv run bnbchain-mcp`. There is no `requirements.txt` or `pyproject.toml` provided to pin the version of this dependency. This makes the skill vulnerable to supply chain attacks, such as malicious updates to the `bnbchain-mcp` package or typosquatting, where a compromised version could be installed and executed. Pin the version of `bnbchain-mcp` in a `requirements.txt` or `pyproject.toml` file and ensure `uv` installs that specific version. Implement dependency integrity checks (e.g., hash verification) to prevent unauthorized modifications. | LLM | scripts/mcp-client.py:20 | |
| MEDIUM | Skill exposes broad capabilities of external dependency The `mcp-client.py` script acts as a wrapper to an external `bnbchain-mcp` server. The `SKILL.md` indicates this server can "fetch git diffs" and "retrieve smart contract source code." These capabilities imply significant access to external resources (e.g., network, potentially file system for git repositories). While the client script passes arguments via stdin as JSON, the underlying `bnbchain-mcp` server, if compromised or designed with vulnerabilities, could leverage these broad permissions to perform unauthorized actions or exfiltrate data. The skill itself does not restrict the scope of the `bnbchain-mcp` server's operations. Thoroughly audit the `bnbchain-mcp` package for vulnerabilities, especially how it handles `tool_name` and `arguments`. Implement strict input validation and sanitization within the `bnbchain-mcp` server. Consider sandboxing the `bnbchain-mcp` process to limit its access to system resources. Clearly document the security implications and required trust in the `bnbchain-mcp` dependency. | LLM | scripts/mcp-client.py:20 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/0xlucasliao/bnbchain-mcp/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/979c9521a9190dfe)
Powered by SkillShield