Trust Assessment
jb-omnichain-payout-limits received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential API Key Exposure in Code Snippet, Direct Handling of Operator Private Key in Code Snippet.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Direct Handling of Operator Private Key in Code Snippet.** The `checkAndPauseIfNeeded` function in 'Approach 3: Automated Cron + Relayr' takes `operatorKey: string` as a direct parameter and uses it to call `relayr.payForBundle(bundle, config.operatorKey)`. This `operatorKey` is highly likely to be a private key or a similarly sensitive credential required for signing blockchain transactions. Passing such a key directly as a string argument in a function that an AI agent might execute or generate is a severe security risk, leading to potential credential harvesting or compromise. Emphasize that private keys (`operatorKey`) should *never* be passed directly as string arguments or hardcoded. Instead, they must be managed via secure environment variables, hardware wallets, or dedicated key management services. The agent should be strictly instructed *not* to handle such keys directly. The interaction with `relayr` requiring a private key should ideally be abstracted behind a secure backend service, not exposed to the agent or user in this manner. | LLM | SKILL.md:190 |
| MEDIUM | **Potential API Key Exposure in Code Snippet.** The code snippets for 'Approach 2: Monitoring + Manual Pause' and 'Approach 3: Automated Cron + Relayr' include a placeholder `{API_KEY}` in the `BENDYSTRAW_API` constant. If an AI agent were to execute or generate code based on this snippet, it might be prompted to substitute a real API key directly into the string, potentially exposing it in logs or less secure contexts. Instruct users to manage API keys securely (e.g., environment variables, secure secrets management) and ensure the agent does not substitute real keys into code snippets directly. The skill should explicitly warn against hardcoding or directly embedding API keys. | LLM | SKILL.md:100 |
Full report: https://skillshield.io/report/cc61facfb7270209