Trust Assessment
xian-node received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 3 medium, and 1 low severity. Key findings include Suspicious import: urllib.request, Unpinned Git Repository Clone, Unpinned Python Package Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 54/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Git Repository Clone The skill instructs users to clone `https://github.com/xian-network/xian-stack.git` without specifying a particular commit hash or tag. This means the skill relies on the latest state of the `mainnet` branch, which can change over time. An attacker gaining control of the `xian-network/xian-stack` repository could inject malicious code that would be executed by users following these instructions, leading to a supply chain attack. Update the `git clone` command to specify a fixed commit hash or a signed tag (e.g., `git clone https://github.com/xian-network/xian-stack.git --branch <TAG_OR_COMMIT_HASH>`). | LLM | SKILL.md:29 | |
| HIGH | Private Key Passed as Command Line Argument The skill instructs users to pass a validator private key directly as a command-line argument (`--validator-privkey "<your-privkey>"`) to the `make configure` command. Command-line arguments can be visible in process lists (`ps aux`), stored in shell history files, and logged by system monitoring tools, making the private key vulnerable to exposure. Advise users to avoid passing sensitive credentials directly on the command line. Instead, recommend using environment variables, secure input prompts, or reading the key from a file with restricted permissions. | LLM | SKILL.md:49 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/endogen/xian-node-skill/scripts/node_status.py:7 | |
| MEDIUM | Unpinned Python Package Installation The skill instructs users to install the `xian-py` Python package using `pip install xian-py` without specifying a version. This can lead to installing a newer, potentially incompatible, or even malicious version if the package maintainer's account or the PyPI repository is compromised. Pin the `xian-py` package to a specific, known-good version (e.g., `pip install xian-py==X.Y.Z`). | LLM | SKILL.md:190 | |
| MEDIUM | Private Key Printed to Standard Output by Generation Script The `scripts/generate_validator_key.py` script, when executed, prints the newly generated private key directly to standard output. While this is its intended function for the user to retrieve the key, it means the key is visible in the terminal, can be captured in terminal logs, or potentially accessed by other processes monitoring stdout. This increases the risk of accidental exposure. For production or highly sensitive use cases, consider modifying the script to write the private key directly to a file with appropriate restrictive permissions (e.g., `chmod 600`), or to a secure vault, rather than printing it to stdout. Add a prominent warning to the user about the sensitivity of the output. | LLM | scripts/generate_validator_key.py:49 | |
| LOW | Unpinned Python Package Dependency Suggestion The `scripts/generate_validator_key.py` script suggests installing `pynacl` without specifying a version. While not a direct command in the main skill, it's a dependency for a core utility. This could lead to installing a vulnerable or malicious version if the PyPI repository or package maintainer is compromised. If `pynacl` is a required dependency, it should be explicitly listed with a pinned version in a `requirements.txt` file or similar dependency management system for the skill. | LLM | scripts/generate_validator_key.py:12 |
Scan History
Embed Code
[](https://skillshield.io/report/2555ac5519f1e682)
Powered by SkillShield