Trust Assessment
molt-trust received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 1 high, 2 medium, and 3 low severity. Key findings include "Unpinned npm dependency version", "Node lockfile missing", and "Direct file system access via `fs` module".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Accesses sensitive `WALLET_PRIVATE_KEY` environment variable: The skill requires and accesses the `WALLET_PRIVATE_KEY` environment variable to sign blockchain transactions. While storing private keys in environment variables is a common practice, it means the skill has direct access to a highly sensitive credential. If the skill's code were compromised (e.g., via a supply chain attack), this private key could be exfiltrated, leading to loss of funds or control over the associated wallet. Ensure the environment where the skill runs is highly secured. Consider using a secure vault service or hardware security module (HSM) for private key management, where the key is never directly exposed to the skill's runtime environment but rather used for signing operations via an API. | LLM | index.js:30 |
| MEDIUM | Unpinned npm dependency version: Dependency 'ethers' is not pinned to an exact version ('^6.10.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/drjmz/molt-trust/package.json |
| MEDIUM | Direct file system access via `fs` module: The skill uses the Node.js `fs` module to read and write `trust_memory.json`. While used for internal state management, the `fs` module grants broad file system access. A vulnerability allowing an attacker to control file paths could lead to data exfiltration or arbitrary file modification. The current implementation uses `path.join(__dirname, 'trust_memory.json')`, which limits immediate path traversal risks for this specific file, but the capability to access the file system remains. Restrict file system access to a sandboxed storage mechanism provided by the agent platform, or ensure `fs` operations are strictly confined to a dedicated, isolated directory with no user-controlled paths. Implement robust input validation for any paths derived from user input. | LLM | index.js:2 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/drjmz/molt-trust/package.json |
| LOW | Accesses `BASE_RPC` environment variable: The skill accesses the `BASE_RPC` environment variable to configure its blockchain provider. While often public, a private RPC endpoint could be considered sensitive information. If the skill were compromised, this information could be exfiltrated, potentially revealing infrastructure details or usage patterns. Ensure that any RPC URLs provided via environment variables are either public or that the environment is secured against exfiltration. If a private RPC is used, consider if it's strictly necessary for the skill to have direct access to the full URL, or if a more abstract connection mechanism could be used. | LLM | index.js:20 |
| LOW | Error messages may expose internal details: The skill's error handling in `audit_agent` and `rate_agent` directly returns `e.message` from caught exceptions. This can inadvertently expose internal details, file paths, or parts of stack traces to the user or calling agent, which could aid an attacker in understanding the system's internal workings. Sanitize error messages before returning them to the user. Log detailed errors internally for debugging but provide generic, user-friendly messages externally. Avoid exposing raw exception messages, especially those that might contain file paths or system-specific information. | LLM | index.js:115 |