Trust Assessment
cifer-sdk received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Missing required field: name, External Service Dependency with Configurable Endpoint, Private Key Usage in Example Code.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | External Service Dependency with Configurable Endpoint The skill relies on an external 'blackbox' service for core encryption/decryption operations. The `blackboxUrl` is configurable, and if an AI agent is instructed to use a malicious endpoint, sensitive data (plaintext, ciphertext, and signer details like wallet address and signing requests) could be exfiltrated to an attacker-controlled server. The default URL is `https://blackbox.cifer.network`, but the configurability introduces a significant risk if not properly validated. Implement strict validation or whitelisting of `blackboxUrl` values within the AI agent's environment. Warn users about the risks of using untrusted `blackboxUrl` configurations. Consider sandboxing or network policies to restrict outbound connections to only trusted endpoints. | LLM | skill.md:40 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/mohsinriaz17/cifer-sdk/skill.md:1 | |
| MEDIUM | Private Key Usage in Example Code The server-side example demonstrates the use of `process.env.PRIVATE_KEY` to initialize an `ethers.Wallet`. While this is a common and generally secure pattern for server-side applications, an AI agent might be prompted to directly use this example in an insecure environment or to log the `PRIVATE_KEY` if not properly secured. This could lead to the exposure and harvesting of the private key. Add explicit warnings in the documentation about securing `PRIVATE_KEY` environment variables and avoiding hardcoding or logging them. Advise against using this pattern in client-side or untrusted environments where the private key cannot be adequately protected. | LLM | skill.md:399 | |
| LOW | Standard Wallet Permissions Required The skill requires standard wallet permissions (`eth_requestAccounts`, `signMessage`, `sendTransaction`) to interact with blockchain networks. While these permissions are necessary for the skill's intended functionality (e.g., creating secrets, managing delegations, encrypting/decrypting data), a compromised AI agent could potentially misuse these permissions to sign malicious transactions or messages without explicit user consent. Emphasize the importance of user confirmation for all transactions and message signings. Advise AI agents to clearly communicate the intent and details of any signing request to the user before prompting for approval. Implement robust user interaction patterns to prevent silent or coerced signing. | LLM | skill.md:199 |
Scan History
Embed Code
[](https://skillshield.io/report/a0f6db49aa506ae5)
Powered by SkillShield