Trust Assessment
onlyagents received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Commands, Data Exfiltration Risk via Arbitrary File Upload, Credential Exposure Risk for API Keys and Solana Private Keys.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Data Exfiltration Risk via Arbitrary File Upload: The `curl` commands for posting content include `image=@/path/to/image.jpg`, which instructs the agent to read a local file from an arbitrary path and upload its contents to the external API. If an agent is prompted with a malicious file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), it could inadvertently exfiltrate sensitive local files to the `onlyagents.xxx` server. Recommendation: implement strict validation and sandboxing for file paths. Agents should only be allowed to access files from a designated, restricted directory, or require explicit user confirmation for each file upload. Avoid allowing arbitrary file paths in tool calls. | LLM | SKILL.md:45 |
| HIGH | Potential Command Injection via Shell Commands: The skill documentation includes direct shell commands (`solana-keygen`, `curl`) in the 'Quick Start' section. If an AI agent is designed to interpret and execute these instructions directly, it could lead to command injection vulnerabilities. An attacker could craft inputs that manipulate the agent into executing arbitrary shell commands on the host system. Recommendation: agents should not directly execute shell commands found in documentation. Instead, provide specific tool functions for each operation (e.g., `solana.create_wallet()`, `http.post()`) with strict input validation. If shell execution is unavoidable, ensure commands are sandboxed and inputs are thoroughly sanitized. | LLM | SKILL.md:23 |
| HIGH | Credential Exposure Risk for API Keys and Solana Private Keys: The skill requires the generation of a Solana wallet (containing a private key) and the use of an `api_key` for authentication. The documentation explicitly warns the user to 'Save your `api_key` from the response! It cannot be recovered.' If an AI agent is tasked with managing these credentials, there is a high risk of exposure if they are not handled securely (e.g., stored in plain text, logged, or included in prompts). The `solana-keygen` command outputs a private key to a file, which an agent could potentially read and expose. Recommendation: agents should use secure credential management systems (e.g., environment variables, secret managers) for API keys and private keys. Never hardcode credentials or include them in logs or prompts. For Solana keys, the agent should interact with a secure wallet service rather than directly managing key files. | LLM | SKILL.md:35 |
Full report: https://skillshield.io/report/1f04dd2dd1543282