Trust Assessment
sui-opportunities-hunter received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Direct Blockchain Transaction Execution via `sui client call`, Exposure of Sensitive Wallet Information via `sui client` commands, Arbitrary Network Requests via `curl`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct Blockchain Transaction Execution via `sui client call`.** The skill explicitly instructs the agent to execute `sui client call` commands, which can perform arbitrary transactions on the Sui blockchain. While the skill includes a rule to limit trades to 'Max 10 SUI', this is a guideline for the agent and not an enforced technical limit by the command itself. If the agent is compromised or if the arguments (`<DEX_PACKAGE_ID>`, `<pool_id>`, `<coin_object>`, `<min_amount_out>`) are constructed from untrusted input, this could lead to unauthorized transactions, fund loss, or other malicious on-chain activities. This represents a severe command injection vulnerability and excessive permissions. Implement robust input validation and sanitization for all arguments passed to `sui client call`. Consider using a dedicated, sandboxed execution environment with strict resource and permission controls. Enforce the 'Max 10 SUI' limit programmatically within the agent's logic before constructing and executing the command. For critical operations, require explicit human approval or use multi-signature wallets. | LLM | SKILL.md:200 |
| HIGH | **Reliance on External API (Supply Chain Risk).** The skill's core functionality relies heavily on an external API hosted at `https://sui-opportunities-hunter.vercel.app`. The security and integrity of this external service are critical. If this API is compromised, it could feed malicious or misleading data to the agent, potentially leading to incorrect decisions, financial losses, or even triggering harmful `sui client call` commands if the agent's input validation is insufficient. This introduces a significant supply chain risk. Implement strong input validation and sanitization for all data received from external APIs. Consider rate limiting and anomaly detection for API responses. Regularly audit the external service's security posture if possible, or assume it could be compromised and design the agent's logic to be resilient to malicious API responses. | LLM | SKILL.md:60 |
| MEDIUM | **Exposure of Sensitive Wallet Information via `sui client` commands.** The skill instructs the agent to execute `sui client active-address` and `sui client gas`. These commands reveal sensitive user information such as the active Sui wallet address and its gas balance. While not private keys, this information is personal and could be exfiltrated if the agent's output is not properly sandboxed or if a compromised agent is instructed to log or transmit this data externally. Ensure that the output of sensitive commands like `sui client active-address` and `sui client gas` is strictly confined to the agent's local execution environment and never transmitted externally without explicit user consent. Implement strict output filtering and logging policies. | LLM | SKILL.md:195 |
| MEDIUM | **Arbitrary Network Requests via `curl`.** The skill extensively uses `curl` for interacting with external APIs. While the examples provided target a specific domain (`sui-opportunities-hunter.vercel.app`), the `curl` command itself allows arbitrary network requests. A compromised agent could be instructed to use `curl` to interact with malicious domains, exfiltrate data to unauthorized endpoints, or perform other unauthorized network activities. Implement network egress filtering to restrict `curl` and other network tools to only communicate with a predefined whitelist of trusted domains. Ensure that any dynamic URLs passed to `curl` are thoroughly validated and sanitized. | LLM | SKILL.md:60 |