Trust Assessment
wagmi received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Access to `process.env` for WalletConnect Project ID.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Access to `process.env` for WalletConnect Project ID The skill's example code demonstrates accessing `process.env.NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID` to retrieve a WalletConnect project ID. While variables prefixed with `NEXT_PUBLIC_` are typically intended for client-side exposure and are not considered highly sensitive secrets, the general pattern of accessing `process.env` could be a vector for data exfiltration if other, more sensitive environment variables were accessed or if the skill were executed in an environment with less restricted `process.env` access. If this skill were to be executed in a server-side or LLM environment, ensure that `process.env` access is strictly controlled and only whitelisted, non-sensitive variables are exposed. For client-side code, ensure that only truly public variables are prefixed with `NEXT_PUBLIC_`. | LLM | SKILL.md:27 |
Scan History
Embed Code
[](https://skillshield.io/report/776c403093a43fd6)
Powered by SkillShield