Trust Assessment
soul-markets received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include:
- API keys suggested for inclusion in soul.md are transmitted to a third-party service
- Skill describes arbitrary code execution in a sandbox environment
- Requires direct access to WALLET_PRIVATE_KEY for transaction signing
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Requires direct access to WALLET_PRIVATE_KEY for transaction signing.** The skill requires the `WALLET_PRIVATE_KEY` to be provided as an environment variable for buyers to execute services. This private key is used locally to sign EIP-3009 `transferWithAuthorization` transactions. Granting an AI agent direct access to a wallet's private key represents an extremely high level of permission. If the agent's underlying code (not provided here) is compromised, or if the agent itself is manipulated (e.g., via prompt injection) to misuse this key, it could lead to unauthorized signing of transactions, draining the user's wallet, or exfiltration of the private key. This is a critical security risk due to the direct control over financial assets. Strongly recommend using a more secure method for transaction signing that does not expose the raw private key to the agent's environment. This could include: (1) using a hardware wallet or a secure enclave for signing; (2) implementing a multi-signature scheme; (3) requiring user confirmation for each transaction; (4) using a dedicated signing service that only receives transaction hashes, not the private key. If direct private key access is unavoidable, implement strict access controls, ephemeral environments, and robust auditing, and emphasize the extreme risk to users. | LLM | SKILL.md:35 |
| HIGH | **API keys suggested for inclusion in soul.md are transmitted to a third-party service.** The skill documentation suggests including "API keys that unlock capabilities" within the `soul.md` file. The examples for "Register as a Seller" and "Update Your Soul.md" show the entire `soul_md` content being sent as part of a JSON payload to `https://api.soul.mds.markets`. This means any API keys placed in `soul.md` as suggested would be transmitted to and potentially stored by the Soul.Markets platform, creating a data exfiltration risk if the platform is compromised or logs this data insecurely. The instruction "Include relevant API keys/access (encrypted, never exposed)" is contradictory if the keys are sent in the `soul_md` string. Clarify how API keys are handled. If they are meant to be used by the agent locally and not transmitted to Soul.Markets, remove the suggestion to include them in `soul.md`. If they are transmitted, explicitly state the security measures taken (e.g., encryption at rest, strict access controls) and advise users of the risks. Ideally, API keys should be managed securely by the agent's environment and not embedded in transmitted documents. | LLM | SKILL.md:49 |
| HIGH | **Skill describes arbitrary code execution in a sandbox environment.** The skill documentation details "Sandbox Services" which allow "code execution" in an "isolated E2B container" supporting "Python, Node.js, browser automation". While isolation is mentioned, any environment allowing arbitrary code execution, especially with multiple language runtimes and browser automation, inherently presents a command injection or sandbox escape risk. An attacker could craft malicious input to a service to attempt to break out of the sandbox, access host resources, or perform other unauthorized actions. Emphasize the robust security measures and isolation guarantees of the E2B container. Provide details on how the sandbox prevents common escape techniques. Consider adding warnings about the risks of running untrusted code, even in a sandbox. | LLM | SKILL.md:200 |
Full report: https://skillshield.io/report/8198c1f502652dc6