Trust Assessment
fee-abstraction received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Exposure of Private Key via Environment Variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Exposure of Private Key via Environment Variable. The provided example code accesses a private key directly from an environment variable (`process.env.SPONSOR_PRIVATE_KEY`). If this code were to be executed by an AI agent or in an insecure environment, it could lead to the private key being logged, exfiltrated, or used for unauthorized transactions. Directly handling private keys in this manner is a severe security risk. Avoid directly accessing private keys from environment variables within code that might be executed by an AI agent or in a client-side context. For server-side operations, use secure key management systems (KMS), hardware security modules (HSM), or secure enclaves. If this is purely illustrative, add a prominent warning about the security implications of handling private keys this way and advise against using it in production without robust security measures. | LLM | SKILL.md:206 |