Trust Assessment
morpho-earn received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 3 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Unpinned Dependencies in scripts/package.json, Use of execSync for 1Password Credential Retrieval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned npm dependency version: dependency 'viem' is not pinned to an exact version ('^2.21.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lyoungblood/morpho-earn/scripts/package.json |
| MEDIUM | Unpinned Dependencies in scripts/package.json: the `scripts/package.json` file specifies dependencies using caret (`^`) ranges (e.g., `"viem": "^2.21.0"`). While a `package-lock.json` exists to pin exact versions, relying on `^` ranges in `package.json` means that `npm install` could resolve to newer, potentially incompatible or malicious versions if the lockfile is ignored, corrupted, or not present in a different deployment context. For security-sensitive applications, it is best practice to pin exact versions to ensure deterministic builds and prevent unexpected changes from upstream packages. Pin exact versions for all dependencies in `scripts/package.json` (e.g., change `"^2.21.0"` to `"2.21.0"`). Regularly audit dependencies for known vulnerabilities. | LLM | scripts/package.json:8 |
| MEDIUM | Use of execSync for 1Password Credential Retrieval: the `loadConfig` function in `scripts/config.ts` uses `child_process.execSync` to retrieve private keys from 1Password via the `op` command-line tool. While the `config.wallet.item` input is sanitized in `setup.ts` to prevent direct shell injection, `execSync` is a powerful primitive that executes arbitrary shell commands. Any unforeseen vulnerability in the `op` CLI tool itself, or a subtle flaw in the sanitization logic, could potentially lead to command injection or unintended execution. Using external process calls for sensitive operations like credential retrieval introduces a dependency on the security and behavior of that external tool. Explore alternative, more controlled methods for interacting with 1Password (e.g., a native library if available, or a more robust IPC mechanism) that do not rely on direct shell command execution. If `execSync` must be used, ensure the command string is constructed with extreme care and all user-controlled inputs are rigorously validated and escaped for the shell context. | LLM | scripts/config.ts:204 |
| INFO | External API Calls for DeFi Operations and Data: the skill makes several external API calls to third-party services for its core functionality: `https://api.merkl.xyz` (used to fetch and claim rewards; sends the user's wallet address); `https://api.odos.xyz` (used for fetching swap quotes and assembling transactions; sends the user's wallet address and token amounts); `https://api.coingecko.com` (used to fetch token prices; sends token symbols). While these calls are necessary for the skill's intended DeFi and reporting functions, users should be aware that their wallet addresses and transaction details are shared with these third-party services. This is standard practice for many DeFi interactions but constitutes data exfiltration to external entities. Clearly document all external API dependencies and the type of data shared with them in the skill's user-facing documentation. Ensure that all API communications use HTTPS to protect data in transit. Regularly review the privacy policies and security practices of these third-party providers. | LLM | scripts/compound.ts:109 |