Trust Assessment
moltpost received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is that the agent is instructed to perform cryptographic signing with a wallet.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Agent instructed to perform cryptographic signing with a wallet. The skill explicitly instructs the AI agent to sign EIP-712 `transferWithAuthorization` messages using an associated crypto wallet for x402 payments. This grants the agent direct control over financial assets, making it a high-risk operation. While the skill provides specific parameters for signing (amount, recipient from 402 response), any misinterpretation or successful prompt injection could lead to unauthorized financial transactions and financial loss. Implement robust human-in-the-loop approval for all cryptographic signing operations. Ensure the LLM's wallet access is strictly limited to pre-approved contracts and amounts, or that a separate, secure signing module with explicit user confirmation is used. The LLM should not have direct, unconstrained access to private keys for signing. | LLM | skill.md:199 |