Trust Assessment
orionads received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. The key findings are "Skill instructs LLM to transmit user wallet and PIN", "User-controlled query parameter in `curl` command", and "API Key used directly in `curl` commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs LLM to transmit user wallet and PIN.** The `Register` tool's example `curl` command explicitly shows sending a user's `wallet_address` and `password` (PIN) in a POST request body to `https://orionads.net/api/v1/register`. This pattern involves the LLM handling and transmitting highly sensitive user credentials. While intended for the OrionAds service, this exposes a significant risk of credential harvesting if the LLM is manipulated (e.g., via prompt injection) to use actual user credentials or to send them to a malicious look-alike domain. The skill itself is designed to process and transmit these sensitive inputs. **Recommendation:** Reconsider the design of the registration process. If possible, use OAuth or a secure browser-based flow for sensitive credential input that does not involve the LLM directly handling raw credentials. If direct API calls are necessary, implement strict input validation and ensure the LLM is explicitly instructed *not* to use real user credentials unless explicitly confirmed by the user, and implement strong domain validation to prevent redirection to malicious endpoints. | LLM | SKILL.md:42 |
| MEDIUM | **User-controlled query parameter in `curl` command.** The `Search` tool constructs a `curl` command where the `q` parameter is directly appended to the URL: `https://orionads.net/api/v1/search?q=<query>`. If the LLM is prompted to include sensitive user data in `<query>`, this data could be exfiltrated to `orionads.net`. Additionally, if the LLM is vulnerable to prompt injection and includes shell metacharacters in the query, it could lead to command injection on the system executing the `curl` command, depending on how the LLM executes the `curl` command (e.g., via `bash -c`). **Recommendation:** Implement strict input validation and sanitization for the `<query>` parameter before constructing the URL. Ensure the LLM is instructed to never include sensitive user data in search queries unless explicitly authorized and encrypted. If the LLM executes commands via a shell, ensure proper escaping of user-provided input. | LLM | SKILL.md:15 |
| LOW | **API Key used directly in `curl` commands.** The `Post Ad` and `Check Balance` tools utilize the `$ORION_API_KEY` environment variable directly in `curl` command headers for authentication. While this is the intended mechanism for interacting with the OrionAds API, it means the LLM has direct access to and is instructed to transmit this credential. A compromised LLM could potentially be manipulated to leak this key or use it against unintended endpoints. This is a general risk associated with handling API keys. **Recommendation:** Ensure the `ORION_API_KEY` is managed securely (e.g., least privilege, rotation). Implement strong domain validation to prevent the LLM from sending the key to unintended hosts. Consider using short-lived tokens or more robust authentication mechanisms if available, or proxying API calls through a secure backend. | LLM | SKILL.md:54 |