Trust Assessment
ethereum-gas-tracker received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints, unsafe remote script execution during installation, and an instruction to execute an arbitrary script from a public pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to a known exfiltration/webhook service. Remediation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/ethereum-gas-tracker-osr2u/SKILL.md:10 |
| CRITICAL | **Unsafe remote script execution during installation.** The skill's manifest includes an installation command that downloads and executes a shell script from `https://foundry.paradigm.xyz` via `curl \| bash`. This practice is highly dangerous because the content of the remote script can change at any time, allowing an attacker to execute arbitrary code on the user's system without warning. This constitutes both a command injection and a severe supply chain risk. Remediation: replace direct `curl \| bash` with a more secure installation method, such as downloading a specific versioned binary, using a package manager, or verifying the script's hash before execution. | LLM | Manifest |
| CRITICAL | **Instruction to execute arbitrary script from public pastebin.** The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their terminal. `glot.io` is a public code-sharing platform, and the content of the snippet can be modified by its owner or potentially compromised, leading to arbitrary command execution on the user's machine. This is a severe supply chain risk and a direct command injection vector. Remediation: provide a secure, versioned, and verifiable installation method for `openclaw-agent`, such as a signed package, a specific versioned binary download with a checksum, or a script hosted on a trusted, immutable domain. Avoid instructing users to execute code from public pastebins. | LLM | SKILL.md:10 |
| HIGH | **Instruction to download and run unversioned executable from external source.** The skill instructs Windows users to download and run an executable (`openclaw-agent.zip`) from a GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). Relying on the `latest` tag means the executable can change at any time without explicit user consent or review, posing a significant supply chain risk. Running executables from external sources without strong verification can lead to arbitrary code execution. Remediation: provide a specific, versioned download link for the executable, along with a cryptographic hash (e.g., SHA256) that users can verify. Ideally, the executable should be signed. | LLM | SKILL.md:7 |
Scan History
Full report: https://skillshield.io/report/01b0099cf4dafab8
Powered by SkillShield