Trust Assessment
solana-funding-arb received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned npm dependency version, Potential Private Key Logging to File.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Loading of Solana Private Key The skill explicitly instructs the user to provide their Solana private key via an environment variable (`SOLANA_PRIVATE_KEY`) or a file path (`SOLANA_WALLET_PATH`). The `auto-trader.ts` and `index.ts` scripts then directly load this private key into memory using `Keypair.fromSecretKey`. While necessary for a trading bot to sign transactions, this represents a high-risk credential harvesting vector if the skill itself is compromised or if the user is tricked into running a malicious version. Ensure the skill's integrity by verifying its source and checksums. For users, store private keys in secure, encrypted vaults or hardware wallets, and only provide them to trusted applications. Implement multi-factor authentication where possible. The skill developer should consider using a secure enclave or a wallet adapter that handles key management externally without direct exposure to the application code. | LLM | scripts/src/index.ts:25 | |
| HIGH | Excessive Permissions: Full Wallet Control The skill requires the user's Solana private key, granting it full control over the associated wallet. This permission allows the bot to initiate and sign any transaction on behalf of the user, including transferring assets, interacting with smart contracts, or performing other financial operations. While essential for a trading bot, this is the highest level of financial permission and poses a significant risk if the bot's logic is flawed or malicious. Users should only deploy this skill with a dedicated wallet containing only the funds necessary for the bot's operation, isolated from their main holdings. Implement strict monitoring of the bot's transactions and set up alerts for unusual activity. The skill developer should implement robust internal controls, such as transaction simulation, dry-run modes, and clear logging of all proposed and executed transactions. | LLM | SKILL.md:68 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/zedit42/solana-funding-arb/scripts/cron-runner.sh:8 | |
| MEDIUM | Unpinned npm dependency version Dependency 'axios' is not pinned to an exact version ('^1.6.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/zedit42/solana-funding-arb/scripts/package.json | |
| MEDIUM | Potential Private Key Logging to File The `cron-runner.sh` script sources the user's `.env` file, which may contain `SOLANA_PRIVATE_KEY`, and then redirects all output (stdout and stderr) of the `auto-trader.ts` script to a log file. If the `auto-trader.ts` or any of its dependencies were to accidentally print the private key to console, it would be persisted unencrypted in the log file on disk, leading to data exfiltration. Review `auto-trader.ts` and its dependencies to ensure no sensitive information, especially private keys, is ever printed to standard output or error. Implement explicit logging for sensitive data with appropriate redaction or encryption. Consider using a more robust logging framework that handles sensitive data securely. | LLM | scripts/cron-runner.sh:20 | |
| MEDIUM | Unpinned Major Version Dependencies Several dependencies in `scripts/package.json` are specified with caret (`^`) ranges, allowing for automatic updates to new major versions. For example, `axios: ^1.6.0` could update to `axios@2.x.x`. New major versions can introduce breaking changes, new vulnerabilities, or even malicious code if a package maintainer's account is compromised. While `package-lock.json` pins specific versions, `npm install` or `npm update` could pull in unreviewed major versions. Pin all dependencies to exact versions (e.g., `"axios": "1.6.0"`) to ensure deterministic builds and prevent unexpected updates. Regularly review and manually update dependencies to new versions after thorough security vetting and testing. Use tools like Dependabot or Renovate to manage dependency updates and security alerts. | LLM | scripts/package.json:26 |
Scan History
Embed Code
[](https://skillshield.io/report/8200ffe3c77ddcdc)
Powered by SkillShield