Trust Assessment
nadfun received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Missing required field: name", "Direct shell command execution to download untrusted content", and "Example code demonstrates direct use of private keys".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct shell command execution to download untrusted content.** The skill explicitly instructs the execution of `curl` commands to download skill-related files from an external domain (`nad.fun`) into the user's home directory (`~/.nadfun/skills/`). This poses a critical command injection risk, as a compromised `nad.fun` domain could serve malicious content, which the agent or user is instructed to download and potentially execute or interpret. It also represents a supply chain risk by fetching unverified external content. *Remediation:* Avoid direct shell command execution for downloading content. Instead, provide clear instructions for manual download and verification, or integrate a secure package management system. If external content is necessary, implement cryptographic verification (e.g., checksums, signatures) before use. | LLM | SKILL.md:60 |
| HIGH | **Example code demonstrates direct use of private keys.** The skill's example code for `Basic Setup` and `Authentication` includes `privateKeyToAccount('0x...')`, indicating that private keys are expected to be directly provided and used. While this is a placeholder, it normalizes the practice of handling raw private keys within the agent's operational context. If an agent were prompted to replace this placeholder with a real private key, it would create a significant risk of credential exposure or misuse, especially if the agent's environment is not adequately secured. *Remediation:* Avoid demonstrating direct private key usage. Instead, recommend secure key management practices, such as environment variables, hardware security modules (HSMs), or secure credential stores. If a private key is absolutely necessary for an example, emphasize that it should *never* be hardcoded or directly exposed in production environments. | LLM | SKILL.md:99 |
| HIGH | **Sensitive API key logged to console.** The example code for `Using Session Cookie` explicitly logs the generated `api_key` to the console using `console.log("API Key:", api_key)`. Console logs can be captured, stored, or exposed in various environments, leading to the exfiltration of sensitive credentials. Even with a 'Store this securely!' warning, this practice introduces a significant risk. *Remediation:* Remove direct logging of sensitive credentials like API keys. Instead, instruct users on how to securely store and retrieve these keys (e.g., environment variables, secure configuration files) without exposing them in logs or standard output. | LLM | SKILL.md:168 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from the frontmatter. *Remediation:* Add a 'name' field to the SKILL.md frontmatter. | Static | skills/portdeveloper/nadfun/SKILL.md:1 |
| LOW | **Unpinned major version dependency.** The `viem` dependency is specified as `^2.0.0`. While `viem` is a reputable library, using a caret (`^`) allows automatic updates to new minor and patch versions. This introduces a supply chain risk, as a malicious or vulnerable update in a future minor/patch release could be pulled in automatically. For security-critical applications, exact pinning of dependencies (e.g., `2.0.0`) is recommended to ensure deterministic builds and prevent unexpected changes. *Remediation:* Pin dependencies to exact versions (e.g., `"viem": "2.0.0"`) to ensure deterministic builds and prevent unexpected changes from upstream updates. Regularly audit and manually update dependencies after verifying their integrity. | LLM | SKILL.md:339 |
Full report: https://skillshield.io/report/f9107c2ad1c67432