Trust Assessment
cryptowallet received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 1 critical, 2 high, 8 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Sensitive path access: AI agent config, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted SKILL.md examples enable prompt-to-command injection. The `SKILL.md` file, explicitly marked as untrusted input, contains `bash` command examples. If an LLM agent uses these examples as templates and substitutes untrusted user input directly into command arguments (e.g., wallet name, password), it can lead to command injection on the host system. For instance, a user providing `mywallet; rm -rf /` as a wallet name could execute arbitrary commands. The `for` loop example further exacerbates this risk by demonstrating shell-level control flow that could be manipulated. The LLM agent must sanitize or strictly validate all user-provided arguments before constructing and executing shell commands based on skill documentation. Arguments should be quoted and escaped to prevent shell metacharacter injection. Consider using a safer execution mechanism than direct shell command construction, such as passing arguments directly to Python scripts via an API or a more robust command-line parsing library. | LLM | SKILL.md:20 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/gnufoo/cryptowallet/SKILL.md:95 |
| HIGH | Reliance on unaudited HD wallet features in a critical component. The `scripts/wallet_manager.py` explicitly enables `eth_account`'s `Account.enable_unaudited_hdwallet_features()`. This indicates that the underlying code for generating hierarchical deterministic (HD) wallets may not have undergone sufficient security review or auditing. In a cryptocurrency wallet application, the security and integrity of wallet generation are paramount, making reliance on unaudited features a significant supply chain risk to the security of user funds. Investigate the security implications of using unaudited HD wallet features. If possible, use only audited and stable features of the `eth-account` library. If not, ensure thorough internal security review and auditing of the relevant `eth-account` code, or consider migrating to an alternative, fully audited library for HD wallet generation. | LLM | scripts/wallet_manager.py:10 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/gnufoo/cryptowallet/scripts/crypto_utils.py:4 |
| MEDIUM | Unpinned Python dependency version. Requirement 'web3>=6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. Requirement 'solana>=0.30.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version. Requirement 'solders>=0.18.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version. Requirement 'eth-account>=0.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:4 |
| MEDIUM | Unpinned Python dependency version. Requirement 'cryptography>=41.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:5 |
| MEDIUM | Unpinned Python dependency version. Requirement 'base58>=2.1.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/gnufoo/cryptowallet/requirements.txt:6 |
| MEDIUM | Unpinned dependencies in requirements.txt. The `requirements.txt` file specifies dependencies using loose version constraints (e.g., `web3>=6.0.0`). This allows `pip` to install any newer version that satisfies the constraint, which could introduce breaking changes, unexpected behavior, or even security vulnerabilities that have not been tested with the current skill. Pinning exact versions (`==`) ensures reproducible and stable environments, mitigating supply chain risks. Pin all dependencies to exact versions (e.g., `web3==6.x.y`) to ensure reproducible builds and prevent unexpected issues from upstream package updates. Regularly review and update pinned versions to incorporate necessary security patches and feature updates. | LLM | requirements.txt:1 |