Trust Assessment
moltrade received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned dependencies via requirements.txt, Agent instructed to handle wallet private keys, Execution of external Python scripts from cloned repository.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Agent instructed to handle wallet private keys.** The skill explicitly states that an agent *can* be delegated to handle 'wallet private key entry' during the initialization process (`python main.py --init`). This means the agent is expected to interact with a script that prompts for highly sensitive financial credentials (private keys) and potentially provide them. This poses a severe risk of credential harvesting if the agent's environment is compromised, if the `main.py` script is malicious, or if the agent itself is not designed to securely handle such sensitive information. Agents should never be instructed to directly handle or input private keys or other highly sensitive credentials. Instead, the skill should provide clear instructions for the human user to securely input these credentials, or integrate with secure credential management systems (e.g., environment variables, secure vaults) that do not expose raw secrets to the agent's direct execution context. The skill should explicitly forbid agents from handling private keys. | LLM | SKILL.md:55 |
| HIGH | **Unpinned dependencies via requirements.txt.** The skill instructs the agent to install Python dependencies using `pip install -r requirements.txt`. Without inspecting the `requirements.txt` file, there is a significant risk of installing unpinned or malicious packages. This can lead to arbitrary code execution, data exfiltration, or other compromises if a dependency is compromised or a typosquatting attack occurs. The `requirements.txt` file is not provided in the context, making it an unknown risk. Provide the `requirements.txt` file for analysis. Ensure all dependencies are explicitly pinned to exact versions (e.g., `package==1.2.3`). Consider using a lock file mechanism (e.g., `pip-tools` or `Poetry`) to ensure reproducible and secure dependency installations. | LLM | SKILL.md:49 |
| HIGH | **Execution of external Python scripts from cloned repository.** The skill instructs the agent to clone an external Git repository (`https://github.com/hetu-project/moltrade.git`) and then execute Python scripts (`main.py`, `backtest.py`) from within that repository. This constitutes a command injection risk because the agent is directed to execute arbitrary code from an external, untrusted source. If the GitHub repository is compromised or contains malicious code, the agent could execute it, leading to system compromise, data exfiltration, or other malicious activities. This risk is compounded by the instruction to install unpinned dependencies and handle private keys. Skills should avoid instructing agents to clone and execute arbitrary code from external repositories. If external code is necessary, it should be thoroughly vetted, ideally packaged as a trusted dependency, and executed within a highly sandboxed environment with minimal permissions. Explicitly define the scope of execution and limit access to system resources. | LLM | SKILL.md:48 |
Full report: https://skillshield.io/report/2f6aa2b8d3cac46e