Trust Assessment
walletconnect-agent received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Puppeteer launched with disabled sandbox, enabling host system compromise.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Puppeteer launched with disabled sandbox, enabling host system compromise The `scripts/register-basename.js` script launches a Puppeteer (Chromium) browser with `--no-sandbox` and `--disable-setuid-sandbox` arguments. This disables critical security sandboxing mechanisms in Chromium. When interacting with untrusted web content (dApps), a vulnerability in the dApp or browser could allow an attacker to escape the browser environment and execute arbitrary code on the host system with the privileges of the Node.js process. This is a severe security risk, as the skill is designed to interact with arbitrary dApps. Remove `--no-sandbox` and `--disable-setuid-sandbox` from the Puppeteer launch arguments. Ensure the environment where Puppeteer runs has a functional user namespace (e.g., Docker, specific kernel configurations) if sandboxing requires it. If running in a container, ensure the container itself is properly sandboxed. If sandboxing cannot be enabled, a strong warning should be added to the skill's documentation, and the skill should ideally refuse to run in such a configuration. | LLM | scripts/register-basename.js:120 | |
| MEDIUM | Unpinned npm dependency version Dependency '@walletconnect/core' is not pinned to an exact version ('^2.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/daaab/walletconnect-agent/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/daaab/walletconnect-agent/package.json | |
| LOW | Unpinned dependencies in package.json The `package.json` file uses caret (`^`) ranges for its dependencies (`@walletconnect/core`, `@walletconnect/web3wallet`, `ethers`). This allows npm to install any compatible minor or patch version. While convenient, it introduces a supply chain risk where a malicious or vulnerable update in a minor/patch version of a dependency could be automatically pulled in, potentially compromising the skill. Pin dependencies to exact versions (e.g., `"ethers": "6.0.0"`) or use tilde (`~`) ranges for patch updates only (e.g., `"ethers": "~6.0.0"`). Regularly audit and update dependencies. | LLM | package.json:5 |
Scan History
Embed Code
[](https://skillshield.io/report/0094bcc2b54075be)
Powered by SkillShield