Trust Assessment
kogaion-playground-and-launchpad received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is that the agent is required to handle Solana private keys.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Agent required to handle Solana private keys. The skill's 'Launch Flow' explicitly requires the agent to 'Generate mint keypair,' 'Store the keypair,' and 'Sign with (1) the mint keypair... (2) the user wallet keypair.' This means the LLM agent is expected to generate, store (even if temporarily in memory), and use Solana private keys. LLMs are not designed for secure handling of cryptographic private keys, making them highly vulnerable to accidental exposure through outputs, logs, or malicious prompt injection leading to key exfiltration or unauthorized transaction signing. Modify the skill to offload private key management and transaction signing to a secure, external wallet or hardware security module (HSM) that is not directly accessible by the LLM. The agent should only receive signed transactions or request signing from a secure component, never handle private keys directly. | LLM | SKILL.md:190 |