Trust Assessment
ocft received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include: unpinned npm dependency in installation instructions; skill provides command to directly display sensitive secret; skill exports connection information containing sensitive secret.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 54/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned npm dependency in installation instructions.** The installation instruction `npm install -g ocft` installs the latest version of the `ocft` package without specifying a version. This introduces a supply chain risk, as a future malicious or vulnerable update to the `ocft` package could be automatically installed, potentially compromising the system or leading to unexpected behavior. Pin the dependency to a specific version, e.g., `npm install -g ocft@1.0.0`, and recommend regular security audits of the chosen version. Implement a mechanism to verify package integrity. | LLM | SKILL.md:24 |
| HIGH | **Skill provides command to directly display sensitive secret.** The `ocft show-secret` command is explicitly designed to 'Display full secret (careful!)'. An AI agent, if prompted maliciously or inadvertently, could execute this command and expose its node secret, leading to unauthorized access to its P2P identity and potentially enabling impersonation or data interception. Reconsider the necessity of a direct secret display command. If essential, implement strong safeguards (e.g., requiring explicit human confirmation, logging access, or restricting its use to specific, highly-privileged contexts). Educate users on the risks of exposing this secret. | LLM | SKILL.md:40 |
| MEDIUM | **Skill exports connection information containing sensitive secret.** The `ocft export` command exports connection information as a URI, which includes the node's secret. While intended for sharing with trusted peers, a malicious prompt could trick an AI agent into exporting this information and then exfiltrating the URI, compromising the agent's P2P identity. Emphasize the sensitivity of the exported URI. Implement mechanisms to limit the lifespan of exported secrets (e.g., one-time use URIs or short-lived tokens). Advise agents to only share such URIs through secure, encrypted channels. | LLM | SKILL.md:39 |
| MEDIUM | **Skill allows setting arbitrary download directory.** The `ocft set-download <dir>` command allows an AI agent to specify an arbitrary download directory. If an attacker can control the `<dir>` argument, they could potentially trick the agent into writing files to sensitive system locations (e.g., `/etc`, `~/.ssh`) or overwriting critical files, leading to system compromise or denial of service. This also opens a path for command injection if the underlying `ocft` tool executes shell commands with the provided path without proper sanitization. Implement strict path validation and sanitization within the `ocft` tool to restrict download directories to safe, designated locations (e.g., a sandboxed directory within the skill's scope). Avoid executing shell commands with unsanitized user-provided paths. | LLM | SKILL.md:59 |
| LOW | **Skill handles IPFS API keys without explicit retrieval warning.** The `ocft set-ipfs-key <key>` command allows setting an IPFS API key. While necessary for functionality, the documentation does not explicitly warn about the sensitivity of this key or provide guidance on secure storage. The `ocft status` command is listed, which commonly displays configuration, raising the possibility of inadvertent key exposure. An agent might also be prompted to re-enter or reveal it. Add explicit warnings about the sensitivity of IPFS API keys. Ensure keys are stored securely (e.g., encrypted, not in plain text config files). If `ocft status` or similar commands display the key, mask it or require explicit authorization. | LLM | SKILL.md:70 |