Trust Assessment
slopesniper received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "Skill instructs LLM to display private key".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill instructs LLM to display private key.** The skill explicitly instructs the LLM to execute the `slopesniper export` command and display the user's private key when prompted. The example table states that when the user says 'Export my key', the action 'Shows private key for backup' occurs. This directly exposes a highly sensitive credential through the LLM's output channel, posing a critical risk of credential harvesting and data exfiltration if the LLM's output is logged, stored, or accessible to unauthorized parties. **Remediation:** Modify the skill to avoid directly displaying private keys in the LLM's output. Instead, instruct the user to access the key securely through an out-of-band method (e.g., a dedicated secure application, or a local file that the LLM does not have access to read/output). If the tool *must* display it, the skill should explicitly warn the user about the risks of displaying it in the LLM's chat interface and advise against it. | LLM | SKILL.md:26 |