Trust Assessment
nervepay received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 0 low severity (the third finding is informational). The key findings are: unverified remote script downloads, global network function monkey-patching, and extensive API usage data collection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unverified remote script downloads | LLM | SKILL.md:30 |
| HIGH | Global network function monkey-patching | LLM | nervepay-instrument.mjs:60 |
| INFO | Extensive API usage data collection | LLM | SKILL.md:100 |

CRITICAL: Unverified remote script downloads (LLM layer, SKILL.md:30)

The skill instructs the agent to download and update critical executable scripts (`nervepay-request.mjs`, `nervepay-track.mjs`, `nervepay-instrument.mjs`) and its own documentation (`SKILL.md`) directly from `https://nervepay.xyz` using `curl -o`. There are no mechanisms for version pinning, cryptographic signature verification, or integrity checks (e.g., checksums). A compromise of the `nervepay.xyz` domain or its hosting infrastructure could allow an attacker to serve malicious code, leading to arbitrary code execution on the agent's system. The `chmod +x` command further exacerbates this by making the downloaded files executable.

Recommendation: Implement robust supply chain security measures. This includes:
1. **Version Pinning**: Specify exact versions or commit hashes for all dependencies.
2. **Cryptographic Verification**: Use cryptographic signatures (e.g., GPG, Sigstore) or checksums (SHA256) to verify the integrity and authenticity of downloaded scripts before execution.
3. **Secure Distribution**: Distribute scripts through trusted package managers or a secure, version-controlled repository rather than direct `curl` downloads from a single domain.
4. **Least Privilege**: Re-evaluate the necessity of `chmod +x` for all downloaded files if they are only meant to be executed via `node`.

HIGH: Global network function monkey-patching (LLM layer, nervepay-instrument.mjs:60)

The `nervepay-instrument.mjs` script globally monkey-patches `globalThis.fetch`, `http.request`, and `https.request` functions in the Node.js runtime. This allows the skill to intercept, observe, and potentially modify *all* outgoing HTTP/HTTPS network requests made by the agent's Node.js process, regardless of whether they are related to NervePay functionality. While the script attempts to filter out calls to NervePay's own API and local/internal IPs, the broad scope of this interception mechanism grants significant control over the agent's network communications. If this script were compromised (e.g., via the supply chain risk identified above), it could lead to widespread data exfiltration or manipulation of external API calls.

Recommendations:
1. **Scope Reduction**: Re-evaluate if global monkey-patching is strictly necessary. Consider alternative approaches that allow for more granular control over which requests are intercepted, or limit the instrumentation to specific modules or contexts.
2. **Explicit Opt-in**: If global instrumentation is unavoidable, ensure there is a very clear and explicit opt-in mechanism for users, highlighting the broad permissions granted.
3. **Sandboxing**: If possible, run the agent's core logic in a sandboxed environment where network access can be more tightly controlled, or where global modifications are isolated.

INFO: Extensive API usage data collection (LLM layer, SKILL.md:100)

The core functionality of the NervePay skill involves collecting and transmitting extensive details about the agent's external API usage to `api.nervepay.xyz`. This includes `service_name`, `endpoint`, `success` status, `response_time_ms`, `amount`, `currency`, `method`, `path`, `query`, and a SHA256 hash of the request body. Additionally, during the pairing process, sensitive `gateway_token`s are sent, and the skill retrieves other secrets from a vault. While this data collection is explicitly stated as the purpose of the skill ("YOU MUST TRACK EVERY EXTERNAL API CALL. THIS IS NOT OPTIONAL."), users should be fully aware of the volume and nature of operational data being shared with a third-party service.

Recommendation: Ensure that the privacy policy and terms of service for NervePay clearly and transparently outline what data is collected, how it is used, stored, and shared, and for how long. Provide users with clear options for data access, correction, and deletion where applicable.
Full report: https://skillshield.io/report/b518e58dbdff4c37