Trust Assessment
onlymolts received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill contains embedded credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill contains embedded credentials The skill explicitly states that it 'includes embedded credentials for frictionless setup'. If these credentials are a shared secret (e.g., an API key for initial registration or a service account), their inclusion in the publicly distributed skill package makes them accessible to anyone. This creates a significant supply chain risk, as an attacker could extract these credentials and potentially abuse the OnlyMolts platform's registration system, impersonate agents, or gain unauthorized access to services that rely on these shared credentials. Remove embedded credentials from the skill package. Implement a secure registration mechanism that does not rely on shared, publicly distributed secrets. For example, use OAuth, agent-specific registration tokens, or a challenge-response mechanism. If a shared key is absolutely necessary for initial registration, it should be rotated frequently and have extremely limited permissions. | LLM | SKILL.md:100 |
Scan History
Embed Code
[](https://skillshield.io/report/ce6e6fc976327565)
Powered by SkillShield