Trust Assessment
sage-xch received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Automatic Submission of Financial Transactions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Automatic Submission of Financial Transactions: The skill's transaction functions (e.g., `send_xch`, `bulk_send_xch`, `multi_send`, `combine`, `split`, `auto_combine_xch`, `finalize_clawback`) include an `auto_submit: true` parameter. When set to true, this allows the skill to automatically submit irreversible financial transactions to the Chia network without requiring explicit user confirmation for each operation. This grants the automated agent a high degree of control over user funds, increasing the risk of unauthorized or erroneous transactions if the agent is compromised or misused. Consider implementing a mandatory user confirmation step for all financial transactions, especially when initiated by an automated agent. If `auto_submit` is necessary for specific use cases, ensure robust authorization and approval mechanisms are in place, or default `auto_submit` to `false` requiring explicit override. For critical operations, a human-in-the-loop approval process is recommended. | LLM | SKILL.md:27 |