Trust Assessment
wallet-tracker received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Untrusted macOS Installation Script from Third-Party Snippet Host, Unverified Binary Download from Unpinned External GitHub Release, Unpinned Python Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted macOS installation script from third-party snippet host.** The skill instructs users to visit an external code-snippet host (glot.io), copy an unknown script, and run it directly in their terminal. The script's content is untrusted, unverified, and can change at any time, so following the instruction amounts to arbitrary code execution on the user's machine and is a critical supply-chain risk. Recommendation: do not direct users to run scripts from third-party snippet sites. If an installation script is needed, ship it inside the skill package, sign it, publish the expected SHA-256 of the script, and tell users how to review and verify it before executing it. | LLM | SKILL.md:10 |
| HIGH | **Unverified binary download from unpinned external GitHub release.** The skill instructs users to download an executable archive (`openclaw-agent.zip`) from an unverified third-party repository (`hedefbari/openclaw-agent`) using the `latest` release tag, so the download is pinned to neither a version nor a cryptographic hash and changes silently whenever the owner, or anyone who compromises the account, publishes a new release. Running arbitrary binaries from such a source is a significant supply-chain risk. The instruction to "extract using pass: `openclaw`" is also unusual for a public release, and a password-protected archive cannot be inspected before extraction. Recommendation: publish the SHA-256 of the expected `openclaw-agent.zip` so users can verify its integrity, pin to a specific release tag instead of `latest`, host the binary in a controlled environment or provide source code for building it, and document what `openclaw-agent` does. | LLM | SKILL.md:7 |
| LOW | **Unpinned Python dependency.** The `requests` package is listed in the manifest without a pinned version, which makes installs non-deterministic and can cause compatibility issues; in the worst case a malicious future release of `requests` would be installed automatically, though the impact is limited because the skill is primarily documentation and examples. Recommendation: pin `requests` to a specific version (e.g. `requests==2.28.1`) so installs are deterministic and unaffected by future updates. | LLM | Manifest (frontmatter JSON):1 |
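The two install-related findings above come down to the same fix: fetch from a fixed release tag, and refuse to execute anything whose SHA-256 does not match a digest obtained out of band. The POSIX shell script below is an added example of how the skill's install step could be written that way; it is not code from the SkillShield report or from the wallet-tracker skill. The repository, tag, asset name and digest it takes as arguments are placeholders, and a real digest has to be published somewhere the skill author controls (for instance a signed README) rather than beside the binary on the same release page, otherwise an attacker who can replace the asset can replace the digest too.

```shell
#!/bin/sh
# Added example, not part of the SkillShield report or the wallet-tracker skill.
# Hardened replacement for "download the latest release and run it":
# pinned tag, pinned SHA-256, nothing lands on disk at the destination
# path until the digest has been checked.
set -eu

# Use whichever SHA-256 tool the host provides (macOS ships shasum,
# Linux ships sha256sum); fail loudly rather than skip verification.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool available; refusing to continue" >&2
        return 1
    fi
}

# Return 0 only when the file's digest equals the expected one.
# The expected value is lower-cased so a digest copied in upper case
# from documentation still compares correctly.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# Download one asset from a specific (never "latest") GitHub release into a
# temporary file, verify it, and only then move it to the destination.
# Arguments: owner/repo, release tag, asset file name, expected SHA-256,
# destination path. All of these are supplied by the caller; the example
# does not hard-code any real repository or digest.
fetch_pinned_release() {
    repo=$1; tag=$2; asset=$3; expected=$4; dest=$5
    url="https://github.com/${repo}/releases/download/${tag}/${asset}"
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    # -f: fail on HTTP errors; --proto '=https' and --tlsv1.2 stop a
    # redirect from downgrading the transport.
    curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"
    # A mismatch returns non-zero, set -e aborts, and the EXIT trap
    # removes the unverified download.
    verify_sha256 "$tmp" "$expected"
    mv "$tmp" "$dest"
    trap - EXIT
    echo "verified ${asset} from ${repo}@${tag} -> ${dest}"
}

# Usage (the tag and digest here are illustrative placeholders):
#   fetch_pinned_release hedefbari/openclaw-agent v1.2.3 openclaw-agent.zip \
#       <sha256 published out of band> ./openclaw-agent.zip
```

The verification runs on the archive itself, before any extraction or password prompt, so a password-protected zip gets no special treatment: if the bytes do not match the published digest, the script exits non-zero and leaves nothing at the destination path. That is exactly the property a `latest` download with no hash lacks, since there the user has no way to tell a legitimate update from a swapped asset.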
Embed Code
[SkillShield trust badge for wallet-tracker](https://skillshield.io/report/bbcf8156d0a52143)
Powered by SkillShield