Trust Assessment
tron-x402-payment received a trust score of 52/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 2 medium, and 2 low severity. Key findings include Node lockfile missing, Unpinned npm dependency version, Prompt Injection via Skill Documentation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection via Skill Documentation The SKILL.md documentation, which is treated as untrusted input, contains explicit instructions and examples intended to guide the host LLM's behavior regarding sensitive environment variables. Specifically, the 'Security Rules for Agents' section and the 'Negative Example' directly instruct the LLM on how to handle (or not handle) the TRON_PRIVATE_KEY, including demonstrating a command (`echo $TRON_PRIVATE_KEY`) that would exfiltrate the secret. This is a direct attempt to manipulate the LLM's internal reasoning and could lead to credential leakage if the LLM misinterprets or is coerced into executing the 'negative' example. Remove all direct instructions and examples intended for the host LLM from the SKILL.md documentation. The documentation should describe the skill's functionality, not dictate the LLM's internal security protocols. If security advice is necessary, it should be provided out-of-band or through a trusted system prompt, not within untrusted skill documentation. | LLM | SKILL.md:178 | |
| HIGH | Unpinned Dependencies The 'package.json' file specifies several dependencies using caret (^) ranges (e.g., '^0.1.6', '^5.3.0'). This means that minor and patch versions can be automatically updated, which introduces a supply chain risk. A malicious update to a dependency could introduce vulnerabilities or backdoors without explicit review. Pin all dependencies to exact versions (e.g., '1.2.3' instead of '^1.2.3' or '~1.2.3'). Use a lock file (package-lock.json or yarn.lock) to ensure deterministic builds. Regularly audit and update dependencies after manual review. | LLM | package.json:12 | |
| MEDIUM | Unpinned npm dependency version Dependency '@open-aibank/x402-tron' is not pinned to an exact version ('^0.1.6'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/wzc1206/tron-x402-payment/package.json | |
| MEDIUM | Use of npx in Build Script The 'build' script in 'package.json' uses 'npx @vercel/ncc build'. While 'npx' is a legitimate tool, it downloads and executes packages from npm. This introduces a supply chain risk if the '@vercel/ncc' package or its dependencies are compromised, or if a typosquatted package name is used. It also bypasses explicit installation and version management for the build tool. Prefer installing build tools as devDependencies and referencing them directly (e.g., 'npm run build' where 'build' script calls 'ncc build'). This ensures the tool is explicitly listed and versioned in package.json and managed by the package manager, reducing the risk of unexpected execution or typosquatting. | LLM | package.json:8 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/wzc1206/tron-x402-payment/dist/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/wzc1206/tron-x402-payment/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/ff6ad4ba0773c75c)
Powered by SkillShield