Trust Assessment
Kaspa Wallet received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 3 high, 0 medium, and 0 low severity. Key findings include Untrusted installation script execution, Privileged command execution instruction, Untrusted directory deletion instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Privileged command execution instruction.** The skill suggests running `sudo apt install python3-venv` for troubleshooting. Instructing an agent to execute commands with `sudo` grants elevated privileges, which can lead to system compromise if the command or its arguments are manipulated or if the agent misinterprets the instruction. This is a direct command injection risk with excessive permissions. Avoid instructing agents to run commands with `sudo`. If elevated privileges are strictly necessary, provide a secure, sandboxed environment or a more controlled mechanism for privilege escalation. | LLM | SKILL.md:20 |
| CRITICAL | **Exposure of highly sensitive credentials via environment variables.** The skill explicitly requires `KASPA_PRIVATE_KEY` or `KASPA_MNEMONIC` to be set as environment variables. These are highly sensitive cryptographic credentials that grant full control over a cryptocurrency wallet. Exposing them directly to the skill's execution environment creates a critical data exfiltration and credential harvesting risk. Even with 'Security Notes' claiming non-logging, a malicious or compromised skill could easily read and exfiltrate these values. Implement secure credential management. Avoid passing raw private keys or mnemonics directly as environment variables. Use a secure vault, hardware security module (HSM), or a mechanism that provides temporary, scoped access to signing capabilities without exposing the raw secret to the skill's process. | LLM | SKILL.md:27 |
| HIGH | **Untrusted installation script execution.** The skill instructs the agent to execute `python3 install.py` during setup. The content of `install.py` is not provided in the skill package context, meaning the agent is instructed to run arbitrary, unknown code from an untrusted source. This poses a significant command injection and supply chain risk, as the script could perform malicious actions, install compromised dependencies, or exfiltrate data. Provide the full source code of `install.py` for review, or replace with a declarative dependency management system (e.g., `requirements.txt`) and a standard installation command (`pip install -r requirements.txt`). | LLM | SKILL.md:12 |
| HIGH | **Untrusted directory deletion instruction.** The skill suggests running `rm -rf .venv` for reinstallation. While `.venv` is typically a virtual environment directory, instructing an agent to execute `rm -rf` from an untrusted source is a command injection risk. A malicious or misinterpreted command could lead to unintended data loss or system instability if the path is altered. Avoid instructing agents to use destructive commands like `rm -rf`. If cleanup is necessary, provide a safer, more constrained method or rely on the agent's sandboxing capabilities. | LLM | SKILL.md:21 |
| HIGH | **Untrusted core script execution.** The primary functionality of the skill relies on executing `./kaswallet.sh` commands. The content of `kaswallet.sh` is not provided in the skill package context, meaning the agent is instructed to run arbitrary, unknown code from an untrusted source for every operation. This poses a significant command injection and supply chain risk, as the script could contain malicious logic, interact with external systems, or exfiltrate data. Provide the full source code of `kaswallet.sh` for review, or replace shell script execution with direct calls to a well-defined and auditable API or library within a sandboxed environment. | LLM | SKILL.md:40 |