Trust Assessment
resolving-domains received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Skill has general access to `process.env`" and "Skill makes unrestricted external network requests".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill has general access to `process.env`: The skill accesses `process.env.WEB3_BIO_API_KEY`. This demonstrates that the skill has general access to the `process.env` object. A malicious or compromised skill could read any environment variable, including sensitive credentials (e.g., API keys, database passwords) or configuration, and exfiltrate them. This poses a significant risk for data exfiltration and credential harvesting. Implement a secure secret management system that injects only the necessary `WEB3_BIO_API_KEY` value directly into the skill's runtime, rather than exposing the entire `process.env` object. Restrict the skill's runtime environment to only expose explicitly required environment variables, minimizing the attack surface. Consider using a platform that provides granular control over environment variable access. | LLM | SKILL.md:49 |
| MEDIUM | Skill makes unrestricted external network requests: The skill uses `fetch` to make requests to `https://api.web3.bio/profile/`. While this is for legitimate functionality, the ability to make arbitrary external network requests, especially when combined with access to sensitive data (such as `process.env` variables or user message content), creates a channel for data exfiltration to attacker-controlled endpoints. Without egress filtering, a compromised skill could send any data it has access to outside the trusted environment. Implement strict egress filtering to restrict network requests to only approved and necessary domains (e.g., `api.web3.bio`). Monitor network activity for unusual or unauthorized connections. Ensure that no sensitive data is processed or stored in a way that could be exfiltrated via these requests. | LLM | SKILL.md:79 |