Trust Assessment
farcaster-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include plaintext storage of private keys, a private key exposed in console output, and private keys passed as environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Plaintext storage of private keys: The skill automatically saves sensitive Farcaster custody and signer private keys to a local file (`~/.openclaw/farcaster-credentials.json` or `./credentials.json`) in plain-text JSON format. This is explicitly warned about in the skill description. Any entity with access to the filesystem can compromise the user's Farcaster account and associated wallet funds, leading to potential loss of assets and control. Recommendation: implement secure credential storage mechanisms (e.g., OS-level keychains, encrypted vaults, environment variables for production, or requiring manual input for sensitive keys). Avoid storing private keys directly on disk in plain text. Provide an option to disable auto-save and make that the default, secure behavior. | LLM | SKILL.md:57 |
| HIGH | Private key exposed in console output: The skill instructs the user to generate a new wallet and then prints the generated private key directly to the console. This exposes a highly sensitive credential in a potentially insecure manner, as console logs can be captured or viewed by unauthorized parties, especially in shared or compromised environments, increasing the risk of credential harvesting. Recommendation: avoid printing private keys or other sensitive credentials to standard output. Instead, guide users to secure methods for handling and storing such keys, or use secure input prompts that mask the input. | LLM | SKILL.md:34 |
| MEDIUM | Private keys passed as environment variables: The skill frequently instructs users to pass sensitive private keys (`PRIVATE_KEY`, `SIGNER_PRIVATE_KEY`) as environment variables for command-line executions. While common, environment variables can be less secure than other methods (e.g., secure prompts, dedicated credential stores), since they can be visible in process lists (`ps aux`) or inherited by child processes, potentially exposing them to other processes on the system. Recommendation: use more secure methods for passing sensitive credentials, such as secure input prompts, temporary files with restricted permissions, or integration with secure credential management systems. | LLM | SKILL.md:46 |
| LOW | Unpinned npm dependencies in install command: The skill's manifest uses `npm install` without a `package-lock.json` or explicitly pinned versions for its dependencies. This creates a supply-chain risk: if `package.json` allows broad version ranges, malicious updates to upstream dependencies could be pulled in, potentially introducing vulnerabilities or backdoors into the skill's execution environment. Recommendation: commit `package-lock.json` and use `npm ci` for deterministic installs, or explicitly pin dependency versions in `package.json` to prevent unexpected updates and ensure build reproducibility. | LLM | Manifest:3 |