Trust Assessment
monad-development received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Skill instructs LLM to fetch and potentially execute external content, Sensitive contract data sent to third-party verification API, Potential command injection through unsanitized placeholders in `forge` commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill instructs LLM to fetch and potentially execute external content The skill instructs the agent to fetch `https://docs.monad.xyz/llms.txt` for 'questions not covered here'. If the content of `llms.txt` is controlled by an attacker or compromised, it could contain malicious instructions that manipulate the host LLM, leading to prompt injection. In rubric mode, this is an instruction for the agent to follow, posing a direct risk. Avoid instructing the LLM to fetch and interpret external content from untrusted or potentially mutable sources. If external content is necessary, ensure it's from a trusted, immutable source and parsed safely, not directly interpreted as instructions. | LLM | SKILL.md:10 | |
| HIGH | Potential command injection through unsanitized placeholders in `forge` commands The skill provides `forge` commands with placeholders like `<ADDR>`, `<CONTRACT>`, and `<TOKEN_ADDRESS>` (e.g., `forge verify-contract <ADDR> <CONTRACT>`). If the agent fills these placeholders with untrusted user input without proper sanitization (e.g., escaping shell metacharacters), an attacker could inject arbitrary shell commands, leading to remote code execution. This is particularly critical as the output of these commands is often used in subsequent operations. Implement robust input sanitization and validation for all user-provided inputs used in shell commands. Use parameterized commands or escape shell metacharacters (e.g., `shlex.quote` in Python) before execution. Avoid direct string concatenation for command arguments. | LLM | SKILL.md:50 | |
| HIGH | Dependency on external, potentially untrusted `agents.devnads.com` API The skill relies heavily on `https://agents.devnads.com` for critical functionalities like faucet funding and contract verification. This introduces a supply chain risk, as the security and integrity of this third-party service are outside the direct control of the skill developer. A compromise of `agents.devnads.com` could lead to various attacks, including data exfiltration, malicious code injection (if responses are interpreted), or denial of service for core skill functionalities. Thoroughly vet all third-party dependencies. Consider self-hosting critical services or using well-established, audited alternatives. Implement robust error handling and fallback mechanisms in case the third-party service is unavailable or compromised. Clearly document the risks associated with external dependencies. | LLM | SKILL.md:36 | |
| MEDIUM | Sensitive contract data sent to third-party verification API The skill instructs the agent to send sensitive contract deployment and verification data (e.g., `contractAddress`, `contractName`, `compilerVersion`, `standardJsonInput`, `constructorArgs`) to `https://agents.devnads.com/v1/verify`. This exposes potentially confidential contract details to a third-party service, which could be compromised or malicious, leading to data exfiltration. Evaluate the necessity and trustworthiness of sending sensitive data to third-party APIs. If essential, ensure strong security measures are in place for the third-party service and consider anonymizing or encrypting data where possible. Provide clear warnings to users about data sharing. | LLM | SKILL.md:60 | |
| MEDIUM | Instruction to store private keys in user's home directory The skill instructs the agent to persist generated private keys by writing them to `~/.monad-wallet`. While `chmod 600` is suggested, storing sensitive credentials directly in the user's home directory, even with restricted permissions, can be an excessive permission if more secure, isolated storage mechanisms are available. This increases the risk of credential compromise if the user's home directory is accessed by other processes or if the `chmod` fails. Prefer using secure credential management systems (e.g., OS-level secret stores, encrypted vaults) over direct file storage in the home directory. If file storage is necessary, ensure it's in a dedicated, highly restricted directory and that permissions are strictly enforced. | LLM | SKILL.md:100 |
Scan History
Embed Code
[](https://skillshield.io/report/9639dce0a45d9818)
Powered by SkillShield