Trust Assessment
nad-wallet received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 3 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Path Traversal in Wallet File Read (check-balance.js).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Path Traversal in Wallet File Read (check-balance.js): The `scripts/check-balance.js` script constructs a file path for managed wallets using `path.join` and a user-controlled `walletName` argument (`process.argv[2]`). An attacker could provide a malicious `walletName` containing path traversal sequences (e.g., `../../../../etc/passwd`) to read arbitrary files on the system. Although the script attempts to parse the file as JSON, the attempt to read the file itself constitutes a data exfiltration risk. Sanitize the `walletName` input to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, or underscores, or validate that the resolved path remains within the intended `~/.nad-wallet/wallets/` directory. | LLM | scripts/check-balance.js:34 |
| HIGH | Path Traversal for Credential Storage (create-wallet.js): The `scripts/create-wallet.js` script, when run with the `--managed` flag, constructs file paths for storing wallet private keys and mnemonics using `path.join` and a user-controlled `walletName` argument. An attacker could provide a malicious `walletName` containing path traversal sequences (e.g., `../../../../tmp/evil.json`) to write sensitive credential files (private key, mnemonic) to arbitrary locations on the filesystem, potentially making them accessible to other processes or users. Sanitize the `walletName` input to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, or underscores, or validate that the resolved path remains within the intended `~/.nad-wallet/wallets/` directory. | LLM | scripts/create-wallet.js:158 |
| HIGH | Path Traversal in Wallet File Read (nadmail-register.js): The `scripts/nadmail-register.js` script, when using a managed wallet, constructs a file path for loading wallet private keys using `path.join` and a user-controlled `walletName` argument. An attacker could provide a malicious `walletName` containing path traversal sequences (e.g., `../../../../etc/passwd`) to read arbitrary files on the system. Although the script expects a JSON file, the attempt to read the file itself constitutes a data exfiltration risk. Sanitize the `walletName` input to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, or underscores, or validate that the resolved path remains within the intended `~/.nad-wallet/wallets/` directory. | LLM | scripts/nadmail-register.js:100 |
| MEDIUM | Unpinned npm dependency version: Dependency `ethers` is not pinned to an exact version (`^6.0.0`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/daaab/nad-wallet/package.json |
| LOW | Node lockfile missing: `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/daaab/nad-wallet/package.json |
| LOW | Unpinned Dependency in package.json: The `package.json` specifies the `ethers` dependency with a caret range (`^6.0.0`), which allows minor and patch updates. While `ethers` is a widely used and mature library, unpinned dependencies can introduce supply chain risks if a new version within the allowed range contains a vulnerability or malicious code. Pinning to an exact version provides greater control and reproducibility. Pin the `ethers` dependency to an exact version (e.g., `"ethers": "6.11.1"`) to ensure consistent builds and reduce the risk of unexpected changes or vulnerabilities introduced by new versions. | LLM | package.json:8 |