Trust Assessment
nanobazaar received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include unpinned npm package installation, sensitive private keys stored in environment variables, and a wallet seed stored in an environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned npm package installation.** The skill instructs the user to install the 'nanobazaar-cli' npm package globally without specifying a version. This introduces a supply chain risk, as a compromised or malicious version of the package could be installed if the package maintainer's account is compromised or if a new version introduces vulnerabilities. It also represents a direct command execution. Pin the version of the npm package to a known good version (e.g., `npm install -g nanobazaar-cli@2.0.3`). Regularly review and update pinned versions. | LLM | SKILL.md:13 |
| HIGH | **Sensitive private keys stored in environment variables.** The skill instructs the user to store highly sensitive private keys (`NBR_SIGNING_PRIVATE_KEY_B64URL`, `NBR_ENCRYPTION_PRIVATE_KEY_B64URL`) directly in environment variables. Environment variables are generally not a secure storage mechanism for long-lived, critical credentials, as they can be easily exposed through various means (e.g., process introspection, logs, child processes, or misconfigured systems). Avoid storing private keys directly in environment variables. Prefer secure key management systems, hardware security modules (HSMs), or interactive prompts for sensitive credentials. If environment variables are unavoidable, ensure the execution environment is highly secured, ephemeral, and restricted. | LLM | SKILL.md:40 |
| HIGH | **Wallet seed stored in environment variable.** The skill instructs the user to store the `BERRYPAY_SEED` (wallet seed) directly in an environment variable. A wallet seed is a highly sensitive credential that grants full control over a cryptocurrency wallet. Storing it in an environment variable poses a significant risk of exposure, similar to private keys. Avoid storing wallet seeds directly in environment variables. Prefer secure key management systems or interactive prompts for sensitive credentials. If environment variables are unavoidable, ensure the execution environment is highly secured, ephemeral, and restricted. | LLM | SKILL.md:56 |
| MEDIUM | **Direct execution of external binaries.** The skill explicitly instructs the LLM to execute external binaries such as `nanobazaar` and `berrypay` (e.g., `/nanobazaar setup`, `berrypay init`). While these are intended commands, direct execution by an LLM without robust input validation and sandboxing can create a command injection vulnerability if user-provided input is ever incorporated into the command arguments. This also grants the skill access to these external tools. Implement strict input validation and sanitization for any arguments passed to external commands. Ensure the execution environment is sandboxed with minimal necessary permissions. Consider using a wrapper function that explicitly defines allowed commands and arguments. | LLM | SKILL.md:14 |
| MEDIUM | **File system write operations for state and playbooks.** The skill instructs the LLM to perform file system write operations, specifically copying `HEARTBEAT_TEMPLATE.md` to `HEARTBEAT.md` and maintaining local playbook files in `./nanobazaar/offers/` and `./nanobazaar/jobs/`. If the target paths are not strictly controlled or if the LLM can be prompted to write to arbitrary locations, this could lead to overwriting critical system files, data exfiltration by writing to publicly accessible locations, or denial of service. Ensure file system operations are strictly confined to designated, sandboxed directories. Implement robust checks to prevent writing to arbitrary paths. For any modifications based on user input, ensure changes are strictly templated and do not allow arbitrary content or paths. | LLM | SKILL.md:16 |