Trust Assessment
scout received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 6 critical, 2 high, 4 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Unsafe deserialization / dynamic eval, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/batch-report.js:77 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/batch-report.js:121 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/batch-report.js:122 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/compare.js:94 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/compare.js:96 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/yaooooooooooooooo/scout/scripts/compare.js:102 |
| HIGH | Arbitrary File Write via Path Traversal: The `scripts/batch-report.js` script constructs an output file path directly from command-line arguments (`--output=`). If an untrusted user can control these arguments, they could specify a path traversal sequence (e.g., `../../../../etc/passwd`) to write to arbitrary files on the system, potentially overwriting sensitive system files or other application data. This is a critical command injection/excessive permissions vulnerability. Sanitize the `outputFile` path to ensure it remains within an allowed, designated output directory. This can be achieved by resolving the path to an absolute path and verifying it is a child of the intended directory, or by strictly disallowing path traversal sequences like `..`. | LLM | scripts/batch-report.js:20 |
| HIGH | Sensitive Wallet Private Key Required: The skill's `safe-pay.js` functionality explicitly requires the `SCOUT_PRIVATE_KEY` environment variable, which is a wallet private key, to perform blockchain transactions. While necessary for the skill's intended purpose, handling such a highly sensitive credential directly in an environment variable poses a significant risk. If the skill's code were compromised or contained malicious logic, this private key could be exfiltrated or misused, leading to direct financial loss. Implement robust security practices for handling private keys. For AI agent skills, consider alternatives to direct private key exposure, such as integrating with secure Key Management Services (KMS), requiring user confirmation for each transaction, or using multi-party computation (MPC) wallets. If direct key access is unavoidable, ensure the execution environment is highly isolated and trusted, and enforce strict access controls. | LLM | SKILL.md:68 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/yaooooooooooooooo/scout/scripts/api-server.js:104 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/yaooooooooooooooo/scout/scripts/api-server.js:134 |
| MEDIUM | Unpinned npm dependency version: Dependency '@neondatabase/serverless' is not pinned to an exact version ('^1.0.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/yaooooooooooooooo/scout/package.json |
| MEDIUM | Moltbook API Key Required for Core Functionality: The `MOLTBOOK_API_KEY` environment variable is required by almost all scripts to interact with the Moltbook API. This key grants access to an agent's profile data, posts, comments, and direct message functionality. Unauthorized access to this API key could lead to data exfiltration (e.g., reading private DMs, activity data) or unauthorized actions (e.g., sending DMs, posting on behalf of the agent). Ensure the execution environment for the skill is secure and that API keys are protected from unauthorized access. Implement API key rotation policies. If the Moltbook API supports them, consider using OAuth or other token-based authentication mechanisms that provide more granular control and shorter-lived credentials. | LLM | SKILL.md:67 |
| LOW | Unpinned Dependencies in package.json: The `package.json` file uses caret (`^`) ranges for its `ethers` and `@neondatabase/serverless` dependencies. While `package-lock.json` pins exact versions, using `^` in `package.json` allows `npm install` to pull in new minor or patch versions. A malicious update to a minor version of a dependency could introduce vulnerabilities without requiring a major version bump. For security-critical applications, exact pinning in `package.json` is generally recommended to ensure deterministic builds and prevent unexpected code changes. Pin all dependencies to exact versions in `package.json` (e.g., `"ethers": "6.11.0"`) to ensure deterministic builds and prevent unexpected updates. Regularly audit dependencies for known vulnerabilities. | LLM | package.json:8 |