Trust Assessment
openserv-agent-sdk received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned Dependencies in Installation Instructions, Direct Access and Storage of Wallet Private Key in Environment Variables, Broad File Upload Capability with Exfiltration Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct Access and Storage of Wallet Private Key in Environment Variables.** The skill explicitly instructs users to store `WALLET_PRIVATE_KEY` in `.env` files and provides code examples that directly access `process.env.WALLET_PRIVATE_KEY` for critical operations like authentication and on-chain registration. While necessary for functionality, this pattern makes the private key highly vulnerable if the agent's runtime environment or code is compromised. A malicious or compromised agent could easily read and exfiltrate this private key, leading to loss of funds or identity. Implement more secure credential management practices. Consider using a dedicated secrets manager, hardware security module (HSM), or a more isolated and secure execution environment for operations involving private keys. Avoid storing private keys directly in environment variables accessible to the general application process. If direct access is unavoidable, ensure the agent's code is thoroughly audited and its execution environment is highly secured and sandboxed. | LLM | SKILL.md:348 |
| HIGH | **Unpinned Dependencies in Installation Instructions.** The installation instructions recommend installing dependencies without specifying exact versions (e.g., `zod` instead of `zod@3.22.4`). This practice allows `npm` to install the latest compatible version, which introduces a supply chain risk. An attacker could publish a malicious update to one of these dependencies, and the user's build process would automatically pull it in, leading to potential code execution or data exfiltration. Pin all dependencies to exact versions (e.g., `zod@3.22.4`) or use a lock file (`package-lock.json`) to ensure deterministic and secure builds. Regularly audit and update dependencies. | LLM | SKILL.md:107 |
| HIGH | **Broad File Upload Capability with Exfiltration Risk.** The `uploadFile` capability allows an agent to upload arbitrary content from its execution environment to the workspace. While intended for legitimate purposes (e.g., report generation), if an agent's code is compromised, this powerful capability could be misused to exfiltrate sensitive files (e.g., configuration files, private keys, environment variables) from the agent's host system to an attacker-controlled location. Implement strict access controls and validation on what files can be read and uploaded by the agent. Consider sandboxing the agent's filesystem access to prevent reading arbitrary files. Ensure that the `file` parameter of `uploadFile` is only populated with explicitly generated or whitelisted content, and not arbitrary reads from the filesystem or sensitive environment variables without proper sanitization and authorization. | LLM | SKILL.md:200 |
Full report: https://skillshield.io/report/a08660ab7a5d1c05