Trust Assessment
clawquests-xyz received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium and 0 low severity. Key findings, in severity order, are: Private key exposed in command line arguments (critical), Potential command injection via unsanitized string parameters (high), and Missing required field: name (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest of the four, at 48/100.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Private key exposed in command line arguments. The skill templates instruct the agent to pass the private key directly as a command-line argument (`--private-key <agentPrivateKey>`) on every `cast send` invocation. Command-line arguments are visible in process lists (`ps aux`), shell history and system logs, so the key can be harvested by other local processes or by anyone with local access. Remediation: change every `cast send` template so the private key is not passed as an argument; have the agent supply it through an environment variable (e.g. `ETH_PRIVATE_KEY`, which `cast` can pick up) or through a secure key management system. Note that a process environment is still readable from `/proc/<pid>/environ` by the same user and by root, so a keystore or an interactive prompt is the stronger option where the workflow allows it. | LLM | SKILL.md:70 |
| HIGH | Potential command injection via unsanitized string parameters. Several `commandTemplate` actions interpolate user-provided string values directly into shell commands without escaping. Parameters such as `<resultURI>`, `<title>`, `<description>` and `<skillTag1>` are wrapped in double quotes, but a value containing `"` closes the quoted string, and `;`, `&&` or `|` then chain an attacker-chosen command; a crafted `resultURI` would execute system commands with the agent's privileges. Remediation: validate every user-provided string that is interpolated into an `exec` command, and build the command as an argument vector rather than a shell string so that metacharacters are never interpreted; if a shell string is unavoidable, escape each value with a library routine built for the purpose (for example Python's `shlex.quote`) rather than relying on surrounding quotes. | LLM | SKILL.md:103 |
| MEDIUM | Missing required field: name. The `name` field is required in the frontmatter of claude_code skills but is absent. Remediation: add a `name` field to the SKILL.md frontmatter. | Static | skills/devzenpro/clawquests-xyz/SKILL.md:1 |
| MEDIUM | RPC URL parameter susceptible to manipulation. The `<rpcUrl>` parameter is used in every `cast` command. If untrusted input can set it, an attacker can redirect the agent's blockchain interactions to a malicious RPC node, which could observe transactions, return manipulated chain data or facilitate front-running, leading to financial loss or wrong agent decisions. This is injection of a security-critical configuration value rather than of code. Remediation: treat `rpcUrl` as trusted configuration: hardcode it, source it from a secure and immutable configuration, or validate it strictly against an allowlist of approved endpoints. Never derive it from untrusted or easily manipulable input. | LLM | SKILL.md:52 |
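The HIGH and the second MEDIUM finding above both come down to how `commandTemplate` values reach the shell, and the CRITICAL finding to what travels in argv. The following is an added example, not code from SkillShield or from the clawquests-xyz skill: the template string, the RPC allowlist entries, the contract address and the malicious `title` are all constructed for the demonstration, since the real SKILL.md templates are only described in the findings, not reproduced. It renders a template the vulnerable way (textual substitution into a shell string) beside a hardened renderer that tokenises the template once, substitutes each placeholder as a single argv element for `subprocess.run(..., shell=False)`, checks `rpcUrl` against an allowlist and `resultURI` against an allowed-scheme check, refuses any template that still carries `--private-key`, and hands the key to the child through its environment as the finding recommends.

```python
import os
import re
import shlex
from urllib.parse import urlparse

# Constructed stand-in for a SKILL.md commandTemplate (assumption: the real
# clawquests-xyz template is not reproduced here, only the shape described).
TEMPLATE = ('cast send <contract> "submit(string,string)" "<title>" "<resultURI>" '
            '--rpc-url <rpcUrl>')

# rpcUrl is configuration, not input: exact match against an allowlist.
# The endpoint values are assumptions for the example.
RPC_ALLOWLIST = frozenset({"https://mainnet.base.org", "https://sepolia.base.org"})

# Constructed malicious parameters: the title closes the quoted field and
# chains a second command, the breakout the HIGH finding describes.
PAYLOAD = {
    "contract": "0x" + "ab" * 20,
    "title": 'Done" ; echo PWNED ; "',
    "resultURI": "https://example.invalid/result.json",
    "rpcUrl": "https://mainnet.base.org",
}


def render_naive(template: str, params: dict) -> str:
    """Vulnerable pattern: textual substitution into a string handed to a shell.
    The quotes around <title> do nothing once the value contains a quote."""
    cmd = template
    for name, value in params.items():
        cmd = cmd.replace(f"<{name}>", value)
    return cmd


def validate(params: dict) -> dict:
    """Reject values the templates have no business accepting, before rendering."""
    for name, value in params.items():
        if not isinstance(value, str) or any(ord(c) < 32 or c == "\x7f" for c in value):
            raise ValueError(f"{name}: control characters are not allowed")
    if params["rpcUrl"] not in RPC_ALLOWLIST:
        raise ValueError(f"rpcUrl not in allowlist: {params['rpcUrl']!r}")
    uri = urlparse(params["resultURI"])
    if uri.scheme not in ("https", "ipfs") or not uri.netloc or " " in params["resultURI"]:
        raise ValueError(f"resultURI must be an absolute https:// or ipfs:// URI: {params['resultURI']!r}")
    if not re.fullmatch(r"0x[0-9a-fA-F]{40}", params["contract"]):
        raise ValueError(f"contract is not a 20-byte hex address: {params['contract']!r}")
    return params


def render_argv(template: str, params: dict) -> list:
    """Hardened pattern: tokenise the template once with shlex, then substitute each
    placeholder as exactly one argv element. Run the result with
    subprocess.run(argv, env=child_env(key)) and shell=False; no shell parses the
    values, so metacharacters in them are inert."""
    params = validate(params)
    argv = []
    for tok in shlex.split(template):
        m = re.fullmatch(r"<(\w+)>", tok)
        if m:
            if m.group(1) not in params:
                raise ValueError(f"template placeholder without a value: {tok}")
            argv.append(params[m.group(1)])
        elif "<" in tok or ">" in tok:
            # e.g. "--rpc-url=<rpcUrl>": refuse rather than guess how to split it
            raise ValueError(f"placeholder embedded in a larger token: {tok!r}")
        else:
            argv.append(tok)
    # The CRITICAL finding: the key must never travel in argv.
    if "--private-key" in argv:
        raise ValueError("private key must not be passed as a command-line argument")
    return argv


def child_env(private_key: str) -> dict:
    """Hand the key to the child via its environment instead of argv, as the CRITICAL
    finding recommends (ETH_PRIVATE_KEY is the variable name the finding cites).
    Caveat: /proc/<pid>/environ is still readable by the same user and by root."""
    return {**os.environ, "ETH_PRIVATE_KEY": private_key}


def rejects(template: str, params: dict) -> bool:
    """True if the hardened renderer refuses this template/parameter combination."""
    try:
        render_argv(template, params)
    except ValueError:
        return True
    return False


def demo() -> tuple:
    """What the shell would see for the naive rendering versus the hardened argv."""
    naive_words = shlex.split(render_naive(TEMPLATE, PAYLOAD))  # re-split as sh would
    safe_argv = render_argv(TEMPLATE, PAYLOAD)
    return naive_words, safe_argv


if __name__ == "__main__":
    words, argv = demo()
    print("naive rendering, as the shell tokenises it:", words)
    print("hardened argv:", argv)
```

Re-splitting the naive rendering with `shlex.split` shows the 13 words a shell would have executed, including the separate `;`, `echo` and `PWNED` tokens, while the hardened renderer yields the template's 8 argv elements with the malicious title intact as one inert argument. The same `rejects` check returns true for an rpcUrl outside the allowlist, a `javascript:` resultURI, or a template that still contains `--private-key`.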
Full report: https://skillshield.io/report/656d9713f0bc3fc6