Trust Assessment
WhatsApp Automation & A2A received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 1 high, 5 medium, and 1 low severity. Key findings include Suspicious import: requests, Node lockfile missing, Command-line argument allows arbitrary API endpoint and key exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 65/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command-line argument allows arbitrary API endpoint and key exfiltration The `scripts/send_message.py` script takes `--url` and `--key` as command-line arguments. If an LLM agent constructs these arguments from untrusted user input, an attacker could specify a malicious URL. This would cause the script to send the `MOLTFLOW_API_KEY` (provided via `--key`) and the message content to an attacker-controlled server, leading to data exfiltration. 1. **Validate `--url`**: Implement strict validation for the `--url` argument to ensure it points only to allowed domains (e.g., `*.moltflow.com`). 2. **Avoid direct `--key` passing**: Instead of passing the API key directly as a command-line argument, rely on environment variables (`MOLTFLOW_API_KEY`) or a secure credential store. If a command-line argument is necessary, ensure it's handled securely and not logged. 3. **Refactor API Client**: Ensure the underlying API client (e.g., `A2AClient` or functions from `a2a_client.py`) uses a trusted base URL by default and only allows overriding it with strict validation. | LLM | scripts/send_message.py:17 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/alex-tradequo/moltflow/scripts/a2a_client.py:7 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/alex-tradequo/moltflow/scripts/admin.py:6 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/alex-tradequo/moltflow/scripts/ai_config.py:6 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/alex-tradequo/moltflow/scripts/quickstart.py:6 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/alex-tradequo/moltflow/scripts/reviews.py:6 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/alex-tradequo/moltflow/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/9c6da78a60b21698)
Powered by SkillShield