Trust Assessment
universal-voice-agent received a trust score of 22/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 20 findings: 12 critical, 3 high, 5 medium, and 0 low severity. Key findings include "Hidden network beacons / undisclosed telemetry", "Potential hardcoded secret (high entropy)", and "Missing required field: name".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (20)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/agent.js:13 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/agent.js:14 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/agent.js:16 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/agent.js:17 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/websocket-server.js:20 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/websocket-server.js:21 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/websocket-server.js:23 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | scripts/websocket-server.js:24 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | run.sh:3 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | run.sh:4 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | run.sh:6 | |
| CRITICAL | Hardcoded API Keys and Tokens Multiple API keys and authentication tokens for Twilio, Groq, and ElevenLabs are hardcoded directly into the source code and shell script. This exposes sensitive credentials, making them vulnerable to compromise if the code is publicly accessible or deployed without proper environment variable configuration. An attacker could use these keys to make unauthorized API calls, incurring costs or accessing sensitive data. Replace hardcoded credentials with environment variables or a secure secrets management system. Ensure that `process.env` variables are always used and no default fallback values are present in production code. | LLM | run.sh:7 | |
| HIGH | Hidden network beacons / undisclosed telemetry Command output piped through base64 encoding Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/snail3d/clawforgod/universal-voice-agent/run.sh:12 | |
| HIGH | Suspiciously High Package Versions Indicating Typosquatting or Non-Existent Packages The `package.json` and `package-lock.json` files specify versions for several popular npm packages (`dotenv`, `express`, `form-data`, `twilio`, `ws`) that are significantly higher than their latest stable releases on the npm registry. This pattern is highly indicative of typosquatting attempts, where a malicious package might be published under a slightly different, higher version number, or simply indicates that the specified versions do not exist, leading to build failures or unexpected behavior. For example, `dotenv` is listed as `^17.2.3` but the latest stable is `16.4.5`. Verify the correct and latest stable versions of all dependencies. Update `package.json` to use legitimate and secure versions. Consider using a dependency vulnerability scanner and ensure `npm install` is run in a trusted environment. | LLM | package.json:12 | |
| HIGH | User-Controlled Goal Used Directly in LLM Prompt The `goal` parameter, which is directly provided by the user via command-line arguments (e.g., `--goal "..."`) or HTTP request body, is incorporated into the `CallSession` and subsequently used by the "Haiku reasoning engine" (`thinkWithHaiku` function). This direct inclusion of untrusted user input into the LLM's prompt creates a significant prompt injection vulnerability, allowing an attacker to manipulate the LLM's behavior, extract sensitive information, or bypass intended restrictions. Implement robust input sanitization and validation for the `goal` parameter before it is passed to the LLM. Consider using a separate, isolated LLM call for interpreting user intent, or employ prompt templating techniques that strictly separate user input from system instructions. | LLM | scripts/websocket-server.js:100 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.99) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/snail3d/clawforgod/universal-voice-agent/run.sh:7 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/snail3d/clawforgod/universal-voice-agent/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $ANTHROPIC_API_KEY Access to sensitive environment variable '$ANTHROPIC_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/clawforgod/universal-voice-agent/run.sh:11 | |
| MEDIUM | Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^17.2.3'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/snail3d/clawforgod/universal-voice-agent/package.json | |
| MEDIUM | Shell Command Execution within Environment Variable Assignment The `run.sh` script uses command substitution `$(...)` to execute `echo "use openrouter" \| base64` and assign its output to `ANTHROPIC_API_KEY`. While the current command is benign, this pattern demonstrates a command injection vulnerability. If the content within the `$(...)` were derived from untrusted input, it could lead to arbitrary shell command execution. This also serves as an example of a "hidden instruction" or obfuscation technique, as the actual value is base64 encoded. Avoid using command substitution with untrusted or potentially manipulated input in shell scripts. If dynamic values are needed, ensure they are properly sanitized and validated. For API keys, they should be loaded directly from secure environment variables or a secrets manager, not constructed via shell commands. | LLM | run.sh:9 | |