Trust Assessment
eyebot-walletbot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Injection via EYEBOT_API, User Input Exfiltration to External API.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Remote Command Injection via EYEBOT_API.** The skill constructs a JSON payload where the 'request' field contains unsanitized user input (`$*`). This payload is then sent via `curl` to an external API endpoint defined by the `EYEBOT_API` environment variable, with `"mode":"exec"`. This strongly suggests that the remote API is designed to execute the content of the 'request' field. An attacker controlling the `EYEBOT_API` endpoint or providing malicious input to the skill could achieve arbitrary command execution on the remote server where the `EYEBOT_API` is hosted. Do not send arbitrary user input to a remote endpoint for execution. Instead, validate and sanitize all user input, mapping it to specific, predefined, and safe API calls. If remote execution is absolutely necessary, implement robust input validation, sandboxing, and strong authentication/authorization on the remote server. The `EYEBOT_API` should be hardcoded to a trusted service or require explicit user consent and validation. | LLM | scripts/walletbot.sh:15 |
| HIGH | **User Input Exfiltration to External API.** All user input provided to the skill (e.g., wallet addresses, transaction details, commands) is captured and sent as part of a JSON payload to an external API endpoint defined by the `EYEBOT_API` environment variable. If `EYEBOT_API` is controlled by an attacker or points to an untrusted service, sensitive user data can be exfiltrated without the user's knowledge or explicit consent. The skill implicitly trusts any endpoint configured via `EYEBOT_API`. The skill should clearly inform users about data being sent to external services. Ideally, sensitive user data should be processed locally or sent only to explicitly trusted and verified endpoints. If an external API is necessary, ensure the `EYEBOT_API` endpoint is hardcoded to a trusted service or requires explicit user configuration and consent, with clear privacy implications. | LLM | scripts/walletbot.sh:16 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-walletbot/package.json |