Trust Assessment
crucible received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Private Key Persistence to File, Filesystem Write Access for Sensitive Data, and Unpinned Skill Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Private Key Persistence to File: The skill explicitly instructs the AI agent to save its generated private key to a file named `crucible-wallet.json` in its memory/workspace directory. Storing private keys in plaintext files within the agent's accessible memory is a severe security risk. If the agent's environment or memory is compromised, the private key can be easily exfiltrated, leading to loss of funds or unauthorized control over the associated wallet. Do not store private keys directly in files. Instead, use secure key management solutions provided by the host environment, or instruct the agent to use a secure vault/keyring service. If direct file storage is unavoidable, ensure the file is encrypted and access-controlled, and that the agent is instructed to delete it after use or when no longer needed. For a skill, it's generally safer to rely on the underlying platform's secure wallet management capabilities rather than instructing the agent to handle raw private keys. | LLM | SKILL.md:139 |
| HIGH | Filesystem Write Access for Sensitive Data: The skill requires the agent to read from and write to files (`crucible-wallet.json`, `crucible-combat.json`) in its memory/workspace directory. While necessary for persistence, this permission becomes excessive and high-risk when combined with the instruction to store a private key in `crucible-wallet.json`. Broad filesystem write access, especially for sensitive data, increases the attack surface for data exfiltration or tampering if the agent's execution environment is compromised. Limit filesystem access to only what is strictly necessary. For sensitive data like private keys, leverage secure storage mechanisms provided by the platform rather than direct file writes. If persistence is required, consider using platform-specific secure storage APIs that abstract away direct file handling and provide encryption/access control. For less sensitive data like combat state, ensure the agent is instructed to handle file paths carefully to prevent directory traversal vulnerabilities. | LLM | SKILL.md:130 |
| MEDIUM | Unpinned Skill Dependency: The skill manifest declares a dependency on `monad-development` without specifying a version or version range. This 'unpinned' dependency can lead to supply chain risks, as updates to `monad-development` could introduce breaking changes, vulnerabilities, or even malicious code without the `crucible` skill author's explicit review. This lack of version pinning makes the skill susceptible to unexpected behavior or security issues if a future version of the dependency is incompatible or compromised. Specify a precise version or a narrow version range for the `monad-development` skill dependency in the manifest. For example, `"monad-development@1.2.3"` or `"monad-development@^1.0.0"`. This ensures that the skill uses a tested and known-good version of its dependency, reducing the risk of unexpected changes or vulnerabilities introduced by future updates. | LLM | Manifest:1 |
| LOW | External Callback URL Provision: The skill instructs the agent to provide an optional `callbackUrl` to an external arbiter service (`https://crucible-ikfm.onrender.com`). While the example URL (`https://your-agent.com/webhook`) suggests an external, agent-controlled endpoint, there's a low risk that an agent might inadvertently provide an internal or sensitive URL as its callback. If the arbiter service were malicious or compromised, it could potentially probe or exfiltrate data from the provided callback URL. Instruct the agent to only provide publicly accessible and non-sensitive URLs for callbacks. If the platform allows, provide a mechanism for the agent to validate or sanitize URLs before providing them to external services. The skill could also explicitly warn the agent about the risks of providing internal or sensitive URLs. | LLM | SKILL.md:180 |