Trust Assessment
x-followers-followings-teneo received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are an unpinned critical dependency, '@teneo-protocol/sdk', and reliance on an external SDK for sensitive wallet operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned critical dependency '@teneo-protocol/sdk': The installation instructions recommend installing `@teneo-protocol/sdk` without specifying a version. This allows for potential supply chain attacks where a malicious update to the package could be automatically installed, leading to compromise of the user's wallet or data. It is crucial to pin dependencies to specific, known-good versions to prevent such risks. Pin the dependency to a specific, known-good version (e.g., `npm install @teneo-protocol/sdk@1.0.0 dotenv`). Regularly audit and update the pinned version after verifying its integrity. | LLM | SKILL.md:77 |
| HIGH | Reliance on external SDK for sensitive wallet operations: The skill requires users to set up an Ethereum wallet and relies on the `@teneo-protocol/sdk` for 'wallet authentication' and signing USDC transactions. While the skill claims the SDK is open source and credentials are never transmitted or stored, the SDK is an external dependency. A vulnerability or malicious design within the SDK could lead to credential harvesting, unauthorized transaction signing, or data exfiltration. Users must implicitly trust the security of this external SDK for critical financial operations. Users should thoroughly audit the source code of `@teneo-protocol/sdk` before use, especially the parts related to wallet interaction. The skill developer should provide clear instructions and warnings about the security implications of integrating a wallet with an external SDK, and ideally provide audit reports for the custom SDK. | LLM | SKILL.md:20 |