Trust Assessment
thirdweb received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Potential Command Injection / Supply Chain Risk via npx, Access to Sensitive Environment Variable `THIRDWEB_SECRET_KEY`, Unpinned `thirdweb` Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 54/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection / Supply Chain Risk via npx The skill provides `npx` commands (`npx thirdweb create app`, `npx thirdweb deploy --app`) which download and execute code from the npm registry. If the AI agent is configured to execute shell commands from skill documentation, this could lead to arbitrary code execution on the host system if the `thirdweb` package or its dependencies are compromised. This introduces both a command injection vector and a supply chain risk. Avoid instructing the AI agent to directly execute `npx` commands from untrusted skill content. If execution is necessary, consider sandboxing the environment or using a trusted, pre-installed version of the CLI. Pin specific versions for `npx` commands (e.g., `npx thirdweb@5.x.x create app`). | LLM | SKILL.md:24 | |
| HIGH | Potential Command Injection / Supply Chain Risk via npx The skill provides `npx` commands (`npx thirdweb create app`, `npx thirdweb deploy --app`) which download and execute code from the npm registry. If the AI agent is configured to execute shell commands from skill documentation, this could lead to arbitrary code execution on the host system if the `thirdweb` package or its dependencies are compromised. This introduces both a command injection vector and a supply chain risk. Avoid instructing the AI agent to directly execute `npx` commands from untrusted skill content. If execution is necessary, consider sandboxing the environment or using a trusted, pre-installed version of the CLI. Pin specific versions for `npx` commands (e.g., `npx thirdweb@5.x.x create app`). | LLM | SKILL.md:165 | |
| MEDIUM | Access to Sensitive Environment Variable `THIRDWEB_SECRET_KEY` The skill demonstrates accessing `process.env.THIRDWEB_SECRET_KEY` for server-side operations. While this is a standard and recommended practice for handling secrets, if the AI agent were to execute code generated from this skill, a malicious skill could potentially access and exfiltrate this sensitive credential. Ensure that any code executed by the AI agent, especially server-side code, is thoroughly vetted and sandboxed to prevent unauthorized access or exfiltration of environment variables. Implement strict access controls for environment variables. | LLM | SKILL.md:36 | |
| MEDIUM | Access to Sensitive Environment Variable `THIRDWEB_SECRET_KEY` The skill demonstrates accessing `process.env.THIRDWEB_SECRET_KEY` for server-side operations. While this is a standard and recommended practice for handling secrets, if the AI agent were to execute code generated from this skill, a malicious skill could potentially access and exfiltrate this sensitive credential. Ensure that any code executed by the AI agent, especially server-side code, is thoroughly vetted and sandboxed to prevent unauthorized access or exfiltration of environment variables. Implement strict access controls for environment variables. | LLM | SKILL.md:144 | |
| LOW | Unpinned `thirdweb` Dependency The `thirdweb` dependency is specified with a caret range (`^5.0.0`), allowing minor and patch updates. This introduces a supply chain risk as future installations could pull in different versions of the package, potentially introducing vulnerabilities or breaking changes without explicit review. Pin dependencies to exact versions (e.g., `"thirdweb": "5.0.0"`) to ensure deterministic builds and prevent unexpected changes from upstream updates. | LLM | SKILL.md:180 |
Scan History
Embed Code
[](https://skillshield.io/report/9ecba262fd424197)
Powered by SkillShield