Trust Assessment
signal-generator received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 2 high, 4 medium, and 1 low severity. Key findings include Missing required field: name, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hardcoded absolute path for module import The skill hardcodes an absolute path `/root/quant-trading-bot` into `sys.path`, which is then used to import modules. This creates a strong dependency on a specific system layout, potentially outside the skill's control. If the content of `/root/quant-trading-bot` is compromised or replaced, it could lead to arbitrary code execution within the skill's context. It also implies an assumption of root access or a specific privileged environment. Avoid hardcoding absolute paths. Use relative paths, environment variables, or a proper package management system to locate dependencies. Ensure `quant-trading-bot` is a trusted, managed dependency. | LLM | signal_generator.py:10 | |
| HIGH | Hardcoded absolute path for Python interpreter in runner script The `run.sh` script attempts to use a Python interpreter from a hardcoded absolute path `/root/quant-trading-bot/venv/bin/python3`. This creates a critical dependency on an external, potentially unmanaged virtual environment. If this path is compromised or points to a malicious interpreter, it could lead to arbitrary code execution. It also implies an assumption of root access or a specific privileged environment. Use a relative path to a local virtual environment, rely on the system's `python3` (if appropriate), or use a more robust environment management system. Avoid assuming specific absolute paths, especially in `/root`. | LLM | run.sh:6 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/nititepfirm/signal-generator/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'python' is not pinned to an exact version ('>=3.7'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/nititepfirm/signal-generator/package.json | |
| MEDIUM | Unpinned dependencies in package.json The `package.json` specifies dependencies (`pandas`, `numpy`, `ccxt`) using `>=` operators, allowing for any future version to be installed. This introduces a supply chain risk as new versions could contain breaking changes, vulnerabilities, or even malicious code. It makes the build non-deterministic and harder to audit. Pin dependencies to exact versions (e.g., `"pandas": "1.5.3"`) or use a narrow range (e.g., `"pandas": "~1.5.0"`) to ensure deterministic builds and reduce the risk of unexpected changes or malicious updates. | LLM | package.json:16 | |
| MEDIUM | Potential data exfiltration or command injection via unsanitized alert targets The `config.json` allows users to specify `targets` like `discord:your_channel_id` or `telegram:your_chat_id`. While the `format_message` method is shown, the actual `send_alert` implementation is truncated. If the `channel_id` or `chat_id` values are not properly validated and sanitized before being used in an external call (e.g., a shell command or an HTTP request), an attacker could potentially inject malicious commands or direct sensitive data to an arbitrary endpoint. Implement strict validation and sanitization for all `target` values. Ensure that channel/chat IDs conform to expected formats and that the `send_alert` mechanism prevents command injection or arbitrary URL redirection. If external commands are used, ensure proper escaping. | LLM | signal_generator.py:140 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/nititepfirm/signal-generator/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/e6efb829a97c4c15)
Powered by SkillShield