Trust Assessment
clawdvine received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 1 medium, and 1 low severity. Key findings include Hardcoded Bearer Token detected, Unpinned npm dependency version, Skill scripts directly access EVM_PRIVATE_KEY from environment.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 8/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Skill scripts directly access EVM_PRIVATE_KEY from environment: The skill's bundled helper scripts (`check-balance.mjs`, `sign-siwe.mjs`, `x402-generate.mjs`) are designed to read the `EVM_PRIVATE_KEY` environment variable. This private key is a highly sensitive credential that grants full control over an associated EVM wallet, including the ability to sign transactions and transfer funds. An AI agent executing these scripts would expose this critical credential directly to the script's process. If the skill itself were compromised or contained malicious code, or if the agent's execution environment is not perfectly isolated and secure, this could lead to unauthorized access and loss of funds. Implement a more secure method for handling private keys, such as integrating with a secure wallet provider (e.g., MetaMask, WalletConnect) that prompts the user for transaction signing, or using a hardware security module (HSM) or secure enclave. Avoid storing raw private keys directly in environment variables, especially in environments where code execution might be less trusted or isolated. For AI agents, consider a dedicated, isolated signing service with strict access controls. | LLM | scripts/check-balance.mjs:20 |
| CRITICAL | Skill scripts directly access EVM_PRIVATE_KEY from environment: Same finding as above, reported at the second location where the `EVM_PRIVATE_KEY` environment variable is read. The same remediation applies: move signing to a wallet provider, HSM, secure enclave, or an isolated signing service rather than exposing the raw key to the script's process. | LLM | scripts/sign-siwe.mjs:17 |
| CRITICAL | Skill scripts directly access EVM_PRIVATE_KEY from environment: Same finding as above, reported at the third location where the `EVM_PRIVATE_KEY` environment variable is read. The same remediation applies. | LLM | scripts/x402-generate.mjs:30 |
| HIGH | Hardcoded Bearer Token detected: A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/imthatcarlos/clawdvine-skill-latest/SKILL.md:47 |
| MEDIUM | Unpinned npm dependency version: Dependency `@x402/evm` is not pinned to an exact version (`^2.2.0`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/imthatcarlos/clawdvine-skill-latest/package.json |
| LOW | Dependencies in package.json use caret ranges, allowing minor version updates: The `package.json` file specifies dependencies using caret (`^`) version ranges (e.g., `^2.2.0`). While `package-lock.json` pins exact versions, relying solely on the lock file for security can be risky if `package.json` is used for fresh installations or if the lock file is not consistently honored. This practice allows automatic updates to new minor or patch versions, which could introduce vulnerabilities or breaking changes without explicit review. Pin exact versions for all dependencies in `package.json` (e.g., `2.2.0` instead of `^2.2.0`). Regularly audit dependencies for known vulnerabilities using tools like `npm audit` or Snyk. | LLM | package.json:10 |
Full report: https://skillshield.io/report/0e678acb77ca6210