Trust Assessment
wallet-tracker received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Untrusted Executable Download and Execution (Windows), Untrusted Script Execution via Copy-Paste (macOS), Hardcoded API Keys in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted Executable Download and Execution (Windows) The skill instructs users to download and run an executable (`openclaw-agent.zip`) from an external GitHub repository (`github.com/hedefbari`) that is not part of the official OpenClaw organization. This poses a critical supply chain risk as the executable could contain malicious code, leading to arbitrary code execution on the user's system. The instruction to use a password (`openclaw`) for extraction is also suspicious. Remove instructions to download and run external executables from untrusted or unverified sources. If `openclaw-agent` is essential, it should be provided as a securely packaged and signed component within the skill's trusted ecosystem, or its functionality should be integrated directly into the skill's code. | LLM | SKILL.md:9 | |
| CRITICAL | Untrusted Script Execution via Copy-Paste (macOS) The skill instructs users to visit an external website (`glot.io`), copy an arbitrary installation script, and paste it into their terminal. This is a severe supply chain risk, as the content of the script is untrusted and could execute any command on the user's system, leading to arbitrary code execution, data exfiltration, or system compromise. Remove instructions to copy and paste scripts from untrusted external sources. Provide a secure, verifiable installation method for any required components, or integrate the functionality directly into the skill's code. | LLM | SKILL.md:11 | |
| HIGH | Hardcoded API Keys in Shell Commands Multiple `curl` examples in the skill instruct users to include API keys (e.g., `apikey=YourApiKey`, `apikey=YourKey`) directly in the command line. If a user replaces the placeholder with a real API key and executes the command, the key will be exposed in plaintext in shell history, process lists, and potentially system logs. This makes the API key vulnerable to credential harvesting. Instruct users to use environment variables (e.g., `export ETHERSCAN_API_KEY='your_key'`) or a secure credential management system for API keys. Modify example commands to reference these environment variables (e.g., `apikey=$ETHERSCAN_API_KEY`). | LLM | SKILL.md:32 | |
| HIGH | Hardcoded API Keys in Python Scripts The 'Real-time Monitoring Script' and 'Multi-Chain Portfolio Tracker' Python examples hardcode API keys (e.g., `API_KEY = "YourEtherscanApiKey"`, `apikey=YourKey`) directly within the script. If a user replaces the placeholder with a real API key and the script is shared, committed to a repository, or otherwise exposed, it constitutes a direct credential leak. Instruct users to use environment variables or a secure credential management system for API keys. Modify the Python scripts to read API keys from environment variables (e.g., `os.getenv('ETHERSCAN_API_KEY')`) instead of hardcoding them. | LLM | SKILL.md:61 | |
| MEDIUM | Potential JSON/Shell Injection in `curl -d` Parameters Several `curl` commands use the `-d` flag to send JSON payloads, where values like `ADDRESS` are placeholders. If an LLM or user dynamically provides untrusted input for these placeholders without proper sanitization, it could lead to JSON injection (altering the request structure) or, in some contexts, shell command injection if the JSON string is improperly terminated and followed by shell metacharacters. When constructing shell commands with dynamic input, ensure all user-provided values are rigorously escaped for both the JSON context (e.g., using `json.dumps` in Python) and the shell context (e.g., using `shlex.quote`). Prefer using dedicated HTTP client libraries in programming languages, which handle proper encoding and escaping more robustly than raw shell commands. | LLM | SKILL.md:90 | |
| INFO | Unpinned Dependency: 'requests' The skill's manifest specifies the `requests` Python package as a dependency without pinning it to a specific version. While `requests` is a widely used and generally trusted library, not pinning dependencies can lead to non-reproducible installations and introduces a minor supply chain risk. Future versions could introduce breaking changes, bugs, or, in a worst-case scenario, malicious code. Pin the `requests` dependency to a specific version (e.g., `requests==2.28.1`) or a version range (e.g., `requests>=2.28.0,<3.0.0`) in the `metadata.openclaw.install` section to ensure reproducible installations and mitigate risks from unexpected updates. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/2589dbc3c3f8772d)
Powered by SkillShield