Trust Assessment
flock-api-setup received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Plain-text storage of API key and private key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Plain-text storage of API key and private key.** The skill explicitly saves the FLock API key and the generated Ethereum private key to a plain-text JSON file (`~/.openclaw/flock-credentials.json` or `./flock-credentials.json`) and the API key to `~/.zshrc`. Although file permissions are set to `0o600`, this method of storage is vulnerable to local compromise, accidental exposure, or backup issues. The skill itself warns about this risk, but it remains a significant security concern. Implement secure credential storage mechanisms, such as OS-level keychains, encrypted vaults, or environment variables managed by a secrets manager. Avoid storing private keys directly in plain-text files. | LLM | SKILL.md:100 |
| HIGH | **Potential command injection via unsanitized user input in shell commands.** The skill constructs shell commands using user-provided values for API keys, wallet addresses, private keys, and model IDs. For example, `echo 'export FLOCK_API_KEY="sk-xxx"' >> ~/.zshrc` and `node {baseDir}/scripts/credentials.js save "<api-key>" "<wallet-address>" "<private-key>"`. If the user input contains shell metacharacters (e.g., `"; rm -rf /;"`), these could be executed by the shell, leading to arbitrary command execution. The skill description does not show any explicit sanitization of these inputs before they are passed to the shell. Ensure all user-provided inputs are properly sanitized or escaped before being used in shell commands. For `echo`, use `printf %q` or similar. For `node` arguments, ensure the calling mechanism (the LLM agent) passes them as distinct arguments rather than embedding them in a single string that is then shell-parsed. For `openclaw` commands, rely on `openclaw`'s internal sanitization or use its programmatic API if available. | LLM | SKILL.md:100 |
| MEDIUM | **Unpinned npm dependency version.** Dependency `ethers` is not pinned to an exact version (`^6.0.0`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/createpjf/flock-in-v1/scripts/package.json |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/createpjf/flock-in-v1/scripts/package.json |
| LOW | **Unpinned `ethers` dependency in package.json.** The `scripts/package.json` file specifies `ethers: "^6.0.0"`. The caret (`^`) operator allows automatic updates to minor and patch versions. This can lead to non-deterministic builds and introduces a supply-chain risk, as a malicious update in a future `6.x.x` version of `ethers` could be automatically pulled in without explicit review. Pin the `ethers` dependency to an exact version (e.g., `"ethers": "6.0.0"`) and include a `package-lock.json` file to ensure deterministic builds. Regularly review and manually update dependencies. | LLM | scripts/package.json:10 |