Trust Assessment
sequence-builder received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via Unsanitized Arguments, Handling of Sensitive Private Keys, Unpinned Dependency in `npx` Command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized Arguments The skill invokes `npx @0xsequence/builder-cli` with arguments that are expected to be filled by the agent (e.g., `<private-key>`, `<access-key>`, `<token-address>`, `<recipient>`, `<amount>`, `<chain-id>`, `<project-id>`). If the agent or orchestrator substitutes these placeholders directly with untrusted user input without proper sanitization or shell escaping, an attacker could inject arbitrary shell commands. For example, an input like `mykey --evil-command-here` could lead to execution of `evil-command-here`. Ensure all user-provided inputs passed as arguments to shell commands are strictly validated and properly shell-escaped before execution. Consider using a library or framework that handles argument sanitization automatically. | LLM | SKILL.md:19 | |
| HIGH | Handling of Sensitive Private Keys The skill explicitly instructs the agent to handle and potentially store blockchain private keys, either directly via the `-k` flag or by setting the `SEQUENCE_PASSPHRASE` environment variable for encrypted local storage in `~/.sequence-builder/config.json`. While encryption is mentioned, the direct handling and storage of private keys by an AI agent increases the risk of credential compromise if the agent's environment is breached or if the key management practices are not robust. This could lead to unauthorized access and control over associated cryptocurrency assets. Avoid direct handling or storage of private keys by the AI agent. Instead, integrate with secure key management systems (KMS) or hardware security modules (HSM) where private keys are never exposed to the agent directly. If local storage is unavoidable, enforce strong access controls, encryption, and rotation policies. Educate users on the risks of exposing private keys. | LLM | SKILL.md:22 | |
| MEDIUM | Unpinned Dependency in `npx` Command The skill uses `npx @0xsequence/builder-cli` without specifying a version (e.g., `@0xsequence/builder-cli@1.2.3`). This means that each time the command is executed, the latest version of the package will be downloaded and run. This introduces a supply chain risk, as a malicious update to the `builder-cli` package could be automatically executed by the agent without review, potentially leading to compromise. Pin the version of the `builder-cli` package used in the `npx` command (e.g., `npx @0xsequence/builder-cli@<specific-version>`). Regularly review and manually update the pinned version after verifying its integrity and security. | LLM | SKILL.md:19 | |
| LOW | Excessive Permissions via `npx` Execution The skill relies on executing `npx`, which runs arbitrary Node.js packages. This grants the skill the full permissions of the user account running the AI agent, including access to the filesystem, network, and other system resources. While necessary for the skill's functionality, this broad permission scope increases the attack surface if the `builder-cli` tool itself or its arguments are compromised. Run the AI agent and its skills in a least-privilege environment (e.g., a container with restricted capabilities, a dedicated user account with minimal permissions). Implement sandboxing or other isolation mechanisms to limit the impact of a compromised skill. | LLM | SKILL.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/06e58a74a36acafb)
Powered by SkillShield