Trust Assessment
karmabank received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Direct source dependency in package.json, Local File Dependency in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct source dependency in package.json Dependency '@circle/openclaw-wallet-skill' uses non-registry source 'file:../skills/circle-wallet', which increases supply-chain risk. Prefer vetted registry releases pinned to exact versions. | Dependencies | skills/abdhilabs/agent-credit-system/package.json | |
| MEDIUM | Unpinned npm dependency version Dependency '@circle-fin/developer-controlled-wallets' is not pinned to an exact version ('^10.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/abdhilabs/agent-credit-system/package.json | |
| MEDIUM | Local File Dependency in package.json The skill uses a local file dependency `"file:../skills/circle-wallet"` for `@circle/openclaw-wallet-skill`. This means the security and functionality of this skill are directly tied to the local presence and integrity of the `circle-wallet` skill at that specific relative path. In a distributed environment, this can lead to issues if the dependent skill is not properly bundled, secured, or updated alongside the main skill, potentially introducing vulnerabilities or breaking functionality if the local dependency is missing or compromised. For distributed skills, prefer publishing `@circle/openclaw-wallet-skill` to a package registry (e.g., npm) and referencing it by version, rather than a local file path. Ensure that all dependencies are properly vetted and managed. | LLM | package.json:30 | |
| MEDIUM | Configurable File System Access via Environment Variable The `Storage` class in `src/data/storage.ts` uses `fs.readFileSync` and `fs.writeFileSync` to persist data. The base directory for these operations (`dataDir`) can be controlled by the `CREDIT_LEDGER_PATH` environment variable or defaults to `path.join(process.cwd(), 'data')`. If an attacker can manipulate `CREDIT_LEDGER_PATH` or `process.cwd()` (e.g., by running the skill in a malicious directory or injecting environment variables), they could potentially direct the skill to read from or write to arbitrary file paths on the system, leading to data exfiltration, data corruption, or privilege escalation. While the current usage within `AgentRegistry` and `LoanLedger` uses hardcoded filenames, the underlying `Storage` class exposes this capability. Restrict the `CREDIT_LEDGER_PATH` environment variable to a safe, isolated directory that is not writable by untrusted users. Implement strict validation and sanitization for any user-controlled inputs that might indirectly influence file paths. Consider using a more robust and secure storage mechanism for production environments that does not rely on direct file system access in potentially untrusted directories. | LLM | src/data/storage.ts:30 | |
| LOW | Unpinned Dependencies in package.json The `package.json` file uses caret (`^`) ranges for several dependencies (e.g., `axios`, `commander`, `dotenv`, `node-forge`, `uuid`). While `package-lock.json` pins exact versions for reproducible builds, using `^` in `package.json` allows for automatic updates to new minor or patch versions. This can introduce unexpected behavior, breaking changes, or even security vulnerabilities if a new version of a dependency contains a flaw, without explicit review. Consider pinning dependencies to exact versions (e.g., `"10.1.0"` instead of `"^10.1.0"`) to ensure consistent builds and reduce the risk of unexpected changes. Regularly audit and manually update dependencies after reviewing their changelogs for security patches and breaking changes. | LLM | package.json:28 |
Scan History
Embed Code
[](https://skillshield.io/report/98932adef409eb0f)
Powered by SkillShield