Trust Assessment
paylobster received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 4 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Private key exposed via CLI argument", and "Skill requires and handles private keys via environment variables".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Private key exposed via CLI argument.** The CLI example `plob auth --private-key 0x...` demonstrates passing a private key directly as a command-line argument. This is a critical security vulnerability as private keys can be logged in shell history, exposed in process lists, or easily viewed by anyone with access to the system, leading to immediate compromise of the associated wallet. Private keys should never be passed as command-line arguments. Instead, they should be loaded from secure environment variables, a secure vault, or prompted for interactively with masking. | LLM | SKILL.md:105 |
| HIGH | **Skill requires and handles private keys via environment variables.** The SDK and self-hosted MCP server configurations explicitly access `process.env.PRIVATE_KEY` and `PAYLOBSTER_PRIVATE_KEY` respectively. This indicates the skill is designed to operate with direct access to an agent's private key, granting it full control over the associated wallet for on-chain transactions. While necessary for its functionality, this represents a high-privilege operation and a significant security risk if the skill or its environment is compromised. Ensure the environment where the skill runs is highly secured. Implement strict access controls and monitoring for any process that has access to these environment variables. Consider using hardware security modules (HSMs) or secure enclaves for private key management where possible, rather than plain environment variables. | LLM | SKILL.md:60 |
| HIGH | **Unpinned npm package dependencies.** The `npm install` commands for `pay-lobster`, `viem`, `@paylobster/cli`, and `@paylobster/mcp-server` do not specify exact versions. This means that running these commands could install the latest available version, which might contain breaking changes, new vulnerabilities, or even malicious code if a package maintainer's account is compromised or a typosquatting attack occurs. Always pin dependencies to exact versions (e.g., `npm install pay-lobster@4.2.0 viem@^1.0.0`). Use a `package-lock.json` or `yarn.lock` file to ensure deterministic builds. Regularly audit and update dependencies. | LLM | SKILL.md:40 |
| HIGH | **Potential command injection via `curl` arguments.** The `curl` examples provided (`curl https://paylobster.com/api/v3/reputation/0xADDRESS`, `curl https://paylobster.com/api/v3/escrows?creator=0xADDRESS`) demonstrate direct command execution. If an AI agent were to construct and execute such `curl` commands based on untrusted user input for `0xADDRESS` or `creator`, a malicious actor could inject arbitrary shell commands (e.g., `0xADDRESS; rm -rf /`) leading to command injection. If the agent is designed to execute shell commands based on user input, all input must be rigorously sanitized and validated to prevent injection. Prefer using dedicated HTTP client libraries within the agent's programming language rather than shelling out to `curl`. | LLM | SKILL.md:269 |
| HIGH | **Self-hosted MCP server uses `npx` for execution, posing command injection and supply chain risks.** The configuration for the self-hosted MCP server specifies `command: "npx"` with `args: ["@paylobster/mcp-server"]`. `npx` executes a package from the npm registry. This is a direct form of command execution. If the `@paylobster/mcp-server` package (or any of its dependencies) were compromised (a supply chain attack), it would lead to arbitrary code execution on the host system where the agent is running the self-hosted server. Ensure that any `npx` commands are executed in a highly sandboxed and isolated environment. Pin the version of `@paylobster/mcp-server` (e.g., `npx @paylobster/mcp-server@1.2.0`) to mitigate risks from future malicious updates. Regularly audit the package and its dependencies for vulnerabilities. | LLM | SKILL.md:184 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/itsgustav/paylobster/SKILL.md:1 |