Trust Assessment
handling-transactions received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Untrusted Input Leading to Unauthorized Financial Transactions, Unpinned Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted Input Leading to Unauthorized Financial Transactions The skill provides functionality to create and send token transfer calls (`createUSDCTransferCalls` and `ctx.conversation.sendWalletSendCalls`). The `createUSDCTransferCalls` function directly accepts `to` address and `amount` as arguments. If an LLM agent using this skill is vulnerable to prompt injection, an attacker could manipulate these arguments to initiate unauthorized token transfers to arbitrary addresses or with arbitrary amounts, leading to direct financial loss. The `SKILL.md` itself is untrusted content, and the code snippets demonstrate a clear path for an attacker to craft malicious transaction requests if they can control the inputs to the skill. Implement robust input validation and strict authorization checks for all parameters involved in financial transactions, especially `to` address and `amount`. Require explicit user confirmation for all sensitive transactions. Consider implementing transaction limits, whitelisting of recipient addresses, or multi-factor authentication for high-value transfers. The LLM agent must have strong guardrails to prevent prompt injection from influencing financial operations. | LLM | SKILL.md:69 | |
| MEDIUM | Unpinned Dependencies The skill imports external libraries such as `@xmtp/agent-sdk`, `viem`, and `viem/chains` without specifying exact version numbers. This practice, if reflected in the actual project's dependency management (e.g., `package.json`), can lead to supply chain risks. An unpinned dependency could automatically update to a new major version containing breaking changes, vulnerabilities, or even malicious code if a dependency maintainer's account is compromised, without explicit review. Ensure all external dependencies are pinned to specific, immutable versions (e.g., `viem@1.x.x`) in the project's dependency manifest (e.g., `package.json`). Regularly audit and update dependencies after thorough review to mitigate risks from outdated or vulnerable packages. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/63a6426e0cfdbd6d)
Powered by SkillShield