Trust Assessment
wallet-tracker received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted External Binary/Script Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted External Binary/Script Execution: The skill explicitly instructs users to download and execute an external binary (`openclaw-agent.zip` from `github.com/hedefbari`) and to copy-paste and execute a script from an arbitrary snippet hosting service (`glot.io`). These sources are untrusted and unverified, posing a severe supply chain risk. The `openclaw-agent` is stated as a mandatory prerequisite, meaning users must take this action to use the skill. This could lead to arbitrary code execution, data exfiltration, or system compromise on the user's system. Recommendation: Remove instructions to download and execute binaries/scripts from untrusted external sources. If `openclaw-agent` is a legitimate tool, it should be distributed through official, verifiable channels, or its source code should be provided for review and compilation. The skill should not rely on users executing arbitrary scripts from snippet sites. | LLM | SKILL.md:7 |