Trust Assessment
metamask received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted script execution during installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted script execution during installation The skill's manifest specifies an installation command that pipes the output of `curl` directly into `bash`. This method (`curl -L <URL> | bash`) is inherently risky as it executes arbitrary code downloaded from an external URL (`https://foundry.paradigm.xyz`) without prior inspection or integrity verification. If the remote server were compromised, malicious code could be executed on the user's system during skill installation. Avoid piping `curl` output directly to `bash`. Instead, download the script, inspect it, verify its checksum/signature, and then execute it. Alternatively, use a trusted package manager if available for the tool, or provide instructions for manual installation with verification steps. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/1ee1d112695ea238)
Powered by SkillShield