Trust Assessment
openclaw-1ly-payments received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Execution of unpinned external package via npx, Automated financial transactions with budget limits, Sensitive wallet key path exposed via environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Execution of unpinned external package via npx The skill instructs the user to execute `@1ly/mcp-server` via `npx`. `npx` fetches and executes packages from npm. If the package `@1ly/mcp-server` is compromised, or if a typosquatting attack leads to the installation of a malicious package, it could result in arbitrary code execution on the host system. The package version is not pinned, meaning future versions could introduce vulnerabilities or malicious code without explicit review. Pin the version of `@1ly/mcp-server` (e.g., `npx @1ly/mcp-server@1.2.3`) and verify its integrity. Consider using a package manager with lock files for better control over dependencies. | LLM | SKILL.md:13 | |
| HIGH | Automated financial transactions with budget limits The skill enables an 'auto-spend' feature for payments via 1ly MCP, constrained by `ONELY_BUDGET_PER_CALL` and `ONELY_BUDGET_DAILY` environment variables. While limits are in place, this grants the AI agent direct financial transaction capabilities. A compromised agent or a flaw in its decision-making logic could lead to unauthorized spending up to the configured budget limits, resulting in financial loss. Implement strict human oversight or approval mechanisms for all financial transactions, even those within budget limits. Provide clear mechanisms for users to disable auto-spend or set budgets to zero. Ensure robust logging and alerting for all payment activities. | LLM | SKILL.md:61 | |
| MEDIUM | Sensitive wallet key path exposed via environment variable The skill requires `ONELY_WALLET_SOLANA_KEY` to be set as an environment variable, pointing to an absolute path of a Solana wallet file. Although the skill includes guardrails advising against uploading keys and recommending secure file permissions, storing a direct path to a sensitive credential file in an environment variable can increase its exposure risk. If the agent's environment is compromised or if logs capture environment variables, the path to the wallet file could be leaked, potentially aiding an attacker in locating and accessing the key. Consider alternative, more secure methods for accessing wallet keys, such as a secure vault service or a dedicated key management system, rather than directly exposing file paths via environment variables. If environment variables must be used, ensure they are handled with extreme care and never logged. | LLM | SKILL.md:25 | |
| MEDIUM | Global installation of unpinned external package via npm The skill instructs the user to globally install `mcporter` using `npm install -g mcporter`. This command fetches and installs the latest version of the `mcporter` package. If the `mcporter` package is compromised or a malicious version is published, it could lead to arbitrary code execution on the host system. The lack of a pinned version means that future updates to `mcporter` could introduce vulnerabilities or malicious code without explicit user review. Pin the version of `mcporter` (e.g., `npm install -g mcporter@1.2.3`) and verify its integrity. Consider installing packages locally or using a dedicated environment to isolate dependencies. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/fc3d7dd1931cb7a4)
Powered by SkillShield