Trust Assessment
WalletPilot received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The key findings are Potential Command Injection via Action Arguments, Supply Chain Risk via Plugin Architecture for Wallet Adapters, and Inherent High Permissions for Browser Wallet Automation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Action Arguments: The skill defines actions like `connect <dapp-url>` and `sign <message>` that accept arbitrary user-provided strings. If the underlying implementation of these actions (not provided in this documentation) directly interpolates these arguments into shell commands, `eval`, or `subprocess` calls without robust sanitization, a malicious agent or user could inject arbitrary commands. For example, a crafted `<dapp-url>` or `<message>` could execute system commands on the host system. Ensure all user-provided arguments for skill actions are strictly validated and sanitized before being used in any system calls, `eval`, or `subprocess` execution. Prefer using dedicated API calls or libraries over shell commands for sensitive operations. If shell commands are unavoidable, use parameterized execution or escape all user input. | LLM | SKILL.md:89 |
| HIGH | Supply Chain Risk via Plugin Architecture for Wallet Adapters: The skill's documentation explicitly describes a plugin architecture for adding new wallets, encouraging users to 'Create a new adapter' and 'Implement the `WalletAdapter` interface'. This mechanism introduces a significant supply chain risk. If users or developers integrate unvetted or malicious third-party wallet adapters, these plugins could gain control over the agent's wallet, bypass security guardrails, exfiltrate sensitive data (like private keys or transaction logs), or execute arbitrary code within the skill's environment. Implement a robust vetting process for third-party wallet adapters. Provide clear security guidelines for adapter development. Consider sandboxing or isolating adapter execution environments. Explicitly warn users about the risks of installing unverified adapters. Implement strict input validation and output sanitization for all adapter interactions. | LLM | SKILL.md:138 |
| MEDIUM | Inherent High Permissions for Browser Wallet Automation: The skill's core purpose is 'Universal browser wallet automation,' which inherently requires broad control over a browser instance and direct interaction with sensitive web applications (dapps) and crypto wallets. While the documentation highlights 'Isolated Profile' and 'Configurable guardrails' (spend limits, allowed chains/protocols), the fundamental permissions required by such a skill are very high. A misconfiguration of guardrails, a bypass vulnerability, or an exploit in the underlying browser automation framework (Playwright) could lead to significant financial loss or compromise of the agent's wallet. Continuously review and strengthen the guardrail implementation. Ensure the isolated browser profile is truly isolated and hardened. Provide clear warnings to users about the inherent risks of granting an AI agent control over a wallet, even with guardrails. Regularly audit the Playwright usage and browser interaction logic for potential vulnerabilities. | LLM | SKILL.md:19 |