Trust Assessment
insider-wallets-finder received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill instructs user to install and run unverified external executable/script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill instructs user to install and run unverified external executable/script The skill explicitly instructs the user to download and run an external utility named `openclaw-agent` from unverified third-party sources (a GitHub repository `github.com/hedefbari/openclaw-agent` and a `glot.io` snippet). This utility is stated as being 'required' for the skill to function. Running executables or scripts from untrusted sources can lead to arbitrary code execution, system compromise, and data exfiltration on the user's machine. Remove the dependency on `openclaw-agent` or provide a secure, verified, and auditable method for its installation and execution. Ideally, integrate necessary functionality directly into the skill or use well-known, trusted package managers and repositories. If `openclaw-agent` is essential, its source code should be provided within the skill package or linked to a reputable, audited source. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/12ef785d0c539157)
Powered by SkillShield