Trust Assessment
kelp-forest received a trust score of 58/100, placing it in the Caution category. The skill carries security findings that should be reviewed before it is deployed.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. The three critical findings are the same pattern, "Direct handling of private key for blockchain transactions", reported at three locations (the main agent script, the Keeper Loop, and the V4 agent); the medium finding is "Missing required field: name".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100. Note that all three critical findings were raised by the LLM layer and the only Static finding is the missing manifest field, so a static scan of this skill on its own would not have surfaced the private-key handling.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct handling of private key for blockchain transactions.** The skill's main agent script defines a `PRIVATE_KEY` variable, either hardcoded as a placeholder or read from the environment variable `process.env.WALLET_KEY`, and uses it to initialize an `ethers.Wallet` object that can sign and send blockchain transactions. A private key that lives in an AI agent skill's execution environment can be harvested, misused, or leaked through logs or prompts, leading to loss of funds. Remediation: avoid handling raw private keys inside the skill. Integrate with a key management system (KMS) or hardware wallet, or use a transaction relay or multi-sig setup in which the agent only proposes transactions and a human or a separately secured signer signs them, and require explicit user confirmation for transactions. If direct key access is unavoidable, isolate the execution environment and ensure the key is never persisted or logged; use testnet keys only for development. | LLM | skill.md:19 |
| CRITICAL | **Direct handling of private key for blockchain transactions (Keeper Loop).** The 'Keeper Loop' script repeats the pattern above: a `PRIVATE_KEY` variable (placeholder or `process.env.WALLET_KEY`) initializes an `ethers.Wallet` that signs and sends transactions such as `autoHarvest`. Same risk and same remediation as the finding at skill.md:19. | LLM | skill.md:102 |
| CRITICAL | **Direct handling of private key for blockchain transactions (V4 Agent).** The 'V4 LP NFT Staking' script repeats the pattern: a `PRIVATE_KEY` variable (placeholder or `process.env.WALLET_KEY`) initializes an `ethers.Wallet` that signs and sends transactions such as `registerAgent` and `safeTransferFrom`. Same risk and same remediation as the finding at skill.md:19. | LLM | skill.md:190 |
| MEDIUM | **Missing required field: name.** The `name` field is required in the frontmatter of `claude_code` skills but is absent. Add a `name` field to the SKILL.md frontmatter. | Static | skills/iam-rekt/kelp-forest/skill.md:1 |
Embed Code
[SkillShield report for kelp-forest](https://skillshield.io/report/0c8e8d67630c2761)
Powered by SkillShield