Trust Assessment
clawbazaar received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via Unsanitized Input in Shell Commands, Sensitive Credential Handling Instructions, Implicit Broad Tool and Filesystem Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized Input in Shell Commands.** The skill provides several `bash` command examples (`curl`, `jq`, `cast`) that an agent is expected to execute. If an agent constructs these commands using untrusted user input for parameters such as `editionId`, `creatorAddress`, `buyerAddress`, or `address` without proper sanitization, a malicious user could inject arbitrary shell commands. For instance, if `editionId` could be crafted to include shell metacharacters (e.g., `123; rm -rf /`), it could lead to the execution of unintended commands on the agent's host system. The agent implementation must rigorously sanitize or validate all user-provided inputs before incorporating them into shell commands. Consider using libraries or frameworks that automatically handle command argument escaping, or pass arguments as separate list items to `subprocess` calls instead of constructing a single shell string. | LLM | SKILL.md:60 |
| MEDIUM | **Sensitive Credential Handling Instructions.** The skill instructs the agent to generate and store a private key, and to use an API key in `curl` requests. While it advises storing the private key securely in `.env` and explicitly states "NEVER in memory files or chat", the handling of such sensitive information by an autonomous agent inherently carries a risk of accidental exposure or logging if the agent's environment or implementation is not robustly secured. The `X-API-Key` header is directly exposed in example `curl` commands, increasing the risk of leakage if the agent logs its actions. Implement robust secret management practices for the agent. Ensure private keys and API keys are loaded securely (e.g., from environment variables or a dedicated secret store) and never hardcoded, logged, or exposed in plain text during execution. Agents should use secure HTTP client libraries that abstract away direct header manipulation and prevent accidental logging of sensitive data. | LLM | SKILL.md:37 |
| LOW | **Implicit Broad Tool and Filesystem Access.** The skill's instructions require the agent to execute arbitrary shell commands (`cast`, `curl`, `jq`) and write to the filesystem (e.g., storing a private key in `.env`). This implies that the agent's execution environment must grant broad permissions, which increases the attack surface if the agent is compromised or misbehaves. While necessary for the skill's functionality, this broad access should be noted as a potential risk factor. Agents should operate within a sandboxed environment under the principle of least privilege. Restrict shell access to only the necessary commands and limit filesystem write access to designated, temporary directories. Consider using specialized tools or APIs for wallet generation and secret storage instead of direct shell commands. | LLM | SKILL.md:37 |
Full report: https://skillshield.io/report/049c45ac99376b87