Trust Assessment
sage-auth received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Direct exposure of wallet mnemonic via `get_secret_key`, Skill allows explicit storage of sensitive mnemonics, Skill allows deletion of wallet database.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct exposure of wallet mnemonic via `get_secret_key` The `get_secret_key` endpoint is explicitly designed to return the mnemonic (seed phrase) of a wallet. This is the master secret that controls all funds in a cryptocurrency wallet. If an attacker or a malicious prompt can invoke this endpoint, they can exfiltrate the mnemonic and gain full control over the user's assets. The skill itself notes this as 'sensitive!'. This endpoint should be removed. If absolutely necessary for specific, highly controlled use cases, it must be protected by multi-factor authentication, strict access controls, and explicit user confirmation for each invocation. The LLM should never have direct, unmediated access to such an endpoint. | LLM | SKILL.md:26 | |
| HIGH | Skill allows explicit storage of sensitive mnemonics The `import_key` endpoint includes a `save_secrets: true` parameter, indicating that the skill can be instructed to store the provided mnemonic in its internal state. While importing a key is a legitimate function, explicitly saving the raw mnemonic increases the attack surface. Combined with the `get_secret_key` endpoint, this creates a full lifecycle for storing and retrieving highly sensitive credentials. Re-evaluate the necessity of storing raw mnemonics. If storage is unavoidable, ensure robust encryption at rest and strict access controls. Consider if the `save_secrets` flag should default to `false` or be removed entirely, relying on the user to manage their mnemonic securely outside the skill. | LLM | SKILL.md:42 | |
| HIGH | Skill allows deletion of wallet database The `delete_database` endpoint provides the capability to permanently delete the user's wallet database. This represents a significant risk of data loss and denial of service if invoked maliciously or accidentally by the LLM. This endpoint should be protected by strong authorization and require explicit user confirmation for each invocation. The LLM should not have unmediated access to destructive operations. | LLM | SKILL.md:53 |
Scan History
Embed Code
[](https://skillshield.io/report/ddd4e6536e42ad41)
Powered by SkillShield