Trust Assessment
compare-crypto-payments received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unpinned Remote Script Execution (PayRam), Command Injection via Unpinned Remote Script Execution (BTCPay Server).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via Unpinned Remote Script Execution (PayRam): The skill instructs the user to clone a remote GitHub repository (`https://github.com/PayRam/payram-helper-mcp-server`) and then execute `yarn install && yarn dev`. This command sequence fetches code from an unpinned remote source (defaulting to the latest `HEAD` of the main branch) and then executes arbitrary code from it. If the remote repository is compromised or updated with malicious content, or if any of its dependencies are malicious, this could lead to arbitrary code execution on the host system where the skill is run. This represents a significant supply chain risk combined with direct command execution. Recommendation: pin the `git clone` operation to a specific commit hash or tag (e.g., `git clone -b <tag_or_hash> ...`; note that `-b` accepts a branch or tag name, so pinning to a commit hash requires a `git checkout <hash>` after cloning). Thoroughly review `package.json` and the associated scripts (`yarn dev`) for any malicious or overly broad operations before execution. Run such commands in a sandbox or isolated environment. | LLM | SKILL.md:296 |
| HIGH | Command Injection via Unpinned Remote Script Execution (BTCPay Server): The skill instructs the user to clone a remote GitHub repository (`https://github.com/btcpayserver/btcpayserver-docker`) and then execute `./btcpay-setup.sh`. This command sequence fetches code from an unpinned remote source (defaulting to the latest `HEAD` of the main branch) and then executes an arbitrary shell script from it. If the remote repository is compromised or updated with malicious content, this could lead to arbitrary code execution on the host system where the skill is run. This represents a significant supply chain risk combined with direct command execution. Recommendation: pin the `git clone` operation to a specific commit hash or tag (e.g., `git clone -b <tag_or_hash> ...`; note that `-b` accepts a branch or tag name, so pinning to a commit hash requires a `git checkout <hash>` after cloning). Thoroughly review the `btcpay-setup.sh` script for any malicious or overly broad operations before execution. Run such commands in a sandbox or isolated environment. | LLM | SKILL.md:305 |