Trust Assessment
molt-trader-skill received a trust score of 52/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Unpinned npm dependency version", and "Unpinned Dependencies in package.json".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Configurable Base URL with API Key Exfiltration/SSRF Risk** The `MoltTraderClient` allows its `baseUrl` to be configured via environment variables (`MOLT_TRADER_BASE_URL`) or directly in the constructor. All API requests made by the client, including the sensitive `apiKey` in the `Authorization` header, are sent to this configurable `baseUrl`. If an attacker can manipulate the `MOLT_TRADER_BASE_URL` environment variable (e.g., through a prompt injection attack that allows setting environment variables, or if the skill is executed in a compromised environment), they can redirect all API calls, along with the `apiKey`, to an arbitrary server. This constitutes a severe data exfiltration risk for the API key and a Server-Side Request Forgery (SSRF) vulnerability, allowing the skill's host to make requests to internal or external attacker-controlled endpoints. Implement strict validation and whitelisting for the `baseUrl` parameter. Only allow connections to known, trusted domains (e.g., `https://api.moltrader.ai`). If dynamic `baseUrl` is required, ensure it's only configurable by trusted sources and not susceptible to untrusted input. Consider using a proxy or network policies to restrict outbound connections from the skill's execution environment. | LLM | src/client.ts:183 |
| MEDIUM | **Missing required field: name** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/801c07/molt-trader-skill/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version** Dependency '@trpc/client' is not pinned to an exact version ('^11.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/801c07/molt-trader-skill/package.json |
| MEDIUM | **Unpinned Dependencies in package.json** The `package.json` file specifies dependencies using caret (^) ranges, such as `@trpc/client: ^11.0.0`. This allows for automatic updates to minor or patch versions, which could introduce breaking changes, vulnerabilities, or even malicious code if a dependency's new version is compromised. While `package-lock.json` pins exact versions, `npm install` without a lockfile or `npm update` could pull in unvetted code. Pin all dependencies to exact versions (e.g., `"@trpc/client": "11.0.0"`) to ensure deterministic builds and prevent unexpected updates. Use `npm ci` for installs in CI/CD environments to strictly adhere to `package-lock.json`. | LLM | package.json:19 |