Trust Assessment
soroban-trader received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Direct Private Key Exposure to Skill, Unpinned Dependency in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Direct Private Key Exposure to Skill: The skill's documentation explicitly instructs the agent to provide its private key directly to the `soroban.setKey()` function. This design choice is a critical security vulnerability. By supplying the private key, the agent grants the skill full and unrestricted control over its associated funds. If the skill's underlying implementation is malicious, compromised, or contains vulnerabilities, the private key could be exfiltrated, leading to complete loss of the agent's assets. Even with claims of encryption, the fundamental act of entrusting the raw private key to an external skill is a severe risk. Remediation: Implement a secure key management strategy that avoids direct exposure of private keys to the skill. This could involve using a secure enclave, hardware wallet integration, or a delegated signing mechanism where the private key remains within the agent's secure environment. The skill should only receive signed transactions or requests for signing, not the private key itself. Alternatively, consider using a limited-permission API key or a multi-signature setup if direct key access is unavoidable for certain operations. | LLM | SKILL.md:43 |
| MEDIUM | Unpinned npm dependency version: Dependency '@stellar/stellar-sdk' is not pinned to an exact version ('^14.5.0'). Remediation: Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/kaankacar/soroban/package.json |
| LOW | Unpinned Dependency in package.json: The `package.json` file specifies the `@stellar/stellar-sdk` dependency using a caret (`^`) range (`^14.5.0`). While `package-lock.json` pins the exact version, relying on caret ranges in `package.json` can lead to unintended updates to minor or patch versions if the lock file is not strictly enforced or is regenerated without careful review. This introduces a potential supply chain risk, as newer versions of the dependency could introduce vulnerabilities or breaking changes without explicit developer intent. Remediation: Pin all dependencies to exact versions in `package.json` (e.g., change `"^14.5.0"` to `"14.5.0"`) to ensure deterministic builds and prevent unexpected updates. Regularly audit and update dependencies to incorporate security fixes, but do so intentionally rather than through automatic range resolution. | LLM | package.json:18 |