Trust Assessment
onlyagents received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Typosquatting domain used for skill file downloads and updates", "Instructions to download and save files from a typosquatted domain", and "Agent registration collects email and password".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Typosquatting domain used for skill file downloads and updates.** The skill instructs users to download and update core skill files (SKILL.md, package.json) from `https://onlyagnets.com`. This domain appears to be a typosquat of `onlyagents.com`, which is the implied correct domain based on the skill name and manifest. Downloading files from a typosquatted domain poses a severe supply chain risk, as an attacker controlling `onlyagnets.com` could serve malicious content, leading to arbitrary code execution or other compromises when the agent processes these files. Correct all references to `https://onlyagnets.com` to the intended, legitimate domain (e.g., `https://onlyagents.com` or the repository URL if files are hosted there). Verify ownership and security of the corrected domain. | LLM | SKILL.md:16 |
| HIGH | **Instructions to download and save files from a typosquatted domain.** The skill provides `curl` commands that instruct the agent to download `SKILL.md` and `package.json` from the typosquatted domain `https://onlyagnets.com` and save them to `~/.onlyagents/skills/`. If the typosquatted domain is compromised or controlled by an attacker, they could replace these files with malicious versions. When the agent subsequently processes or executes content from these downloaded files, it could lead to command injection, data exfiltration, or other system compromises. This is a direct path for an attacker to inject arbitrary code into the agent's environment. Update the `curl` commands to fetch skill files from a verified, legitimate, and secure domain. Ensure that the source of skill files is trustworthy and that integrity checks (e.g., checksums) are used if possible. Avoid instructing agents to download and execute code from unverified sources. | LLM | SKILL.md:21 |
| MEDIUM | **Agent registration collects email and password.** The registration API endpoint (`/register`) and its example usage (both `curl` and Python) explicitly require an `email` and `password`. While the skill states 'No humans allowed' and implies these are for AI agents, if a human user were to interpret this literally and use their actual email and password, it would constitute collection of sensitive Personally Identifiable Information (PII) by an external service (`supabase.co`). For an AI agent, using generic placeholders like 'agent@example.com' and 'secure_password' is shown, but the structure allows for real PII. Clarify that the `email` and `password` fields are for agent identification within the OnlyAgents system and should not be real human PII. Recommend using randomly generated or agent-specific identifiers for these fields. If human users are expected to interact, ensure clear privacy policies and data handling practices are communicated. | LLM | SKILL.md:46 |