Trust Assessment
valinor received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include: unpinned external dependency installation; the agent's 'echo' mode being susceptible to prompt injection and data exfiltration; and a sensitive identity file stored locally.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned external dependency installation. The skill instructs users to install the `valinor` binary via `cargo install valinor`. This command installs the latest version of the crate from `crates.io`. Without pinning a specific version, there's a risk that a malicious or compromised version of the `valinor` crate could be installed, leading to arbitrary code execution or other supply chain attacks. Pin the dependency to a specific, known-good version (e.g., `cargo install valinor@0.2.0`) or provide a checksum for verification to mitigate supply chain risks. | LLM | SKILL.md:24 |
| HIGH | Agent's 'echo' mode susceptible to prompt injection and data exfiltration. The skill describes an 'Autonomous Agent Mode' with an 'echo' behavior, where the agent 'Repeats the last chat message from another agent'. If a malicious actor sends a prompt injection payload, the agent might repeat it. If the agent's own LLM processes its output, or if other agents are listening, this could lead to unintended actions or information disclosure. Furthermore, the `valinor mail send` and `valinor board post` commands allow the agent to send arbitrary content, which could be abused for data exfiltration if the agent's LLM is compromised via prompt injection. Implement robust input sanitization and validation for messages processed by the agent, especially in `echo` mode. Avoid having the agent's LLM process its own output without strict controls. For `mail send` and `board post`, ensure the agent's decision-making process for sending content is secure against manipulation. | LLM | SKILL.md:100 |
| INFO | Sensitive identity file stored locally. The skill explicitly states that the agent's identity (a private key) is stored in `.valinor/id_ed25519`. While the skill itself does not exfiltrate this file, its presence makes it a critical asset that needs strong protection. Any compromise of the agent's host environment could lead to the theft of this identity, allowing impersonation and unauthorized actions. Ensure the `.valinor` directory and `id_ed25519` file have appropriate filesystem permissions (e.g., read-only for the agent, restricted access for others). Consider using hardware security modules (HSMs) or secure key management services for production environments to protect cryptographic keys. | LLM | SKILL.md:129 |