Skill Trust Decision
self-evolution-engine
Skill contains a hardcoded API key for billing integration that is not properly declared in documentation, representing undeclared credential handling with potential for unauthorized charges.
Most direct threat evidence
01
Attacker examines skill and extracts hardcoded API key from payment.py reconnaissance · payment.py
02
Attacker uses extracted API key to make unauthorized charges to skillpay.me billing API Impact · payment.py
Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 2 attack-chain steps and 1 severe findings.
Review
Dependencies and supply chain hygiene
2 dependency or supply-chain issues need attention.
Attack Chain
01
Attacker examines skill and extracts hardcoded API key from payment.py
reconnaissance · payment.py:12
02
Attacker uses extracted API key to make unauthorized charges to skillpay.me billing API
Impact · payment.py:44
What drove the risk score up
Hardcoded API key in source code +25
BILLING_API_KEY hardcoded as 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' at payment.py:12
Undeclared billing integration +15
SKILL.md mentions SkillPay but does not clearly declare the network API calls or that payment.py contains billing logic with credentials
Network requests to external API +10
Makes HTTPS requests to skillpay.me API with authentication credentials not documented in capabilities
No malicious exfiltration chain +-5
Skill does not appear to steal or exfiltrate user credentials; primary risk is unauthorized API usage
Most important evidence
High
Hardcoded API Key
A production API key for skillpay.me billing service is hardcoded in payment.py source file. This key could be extracted and used for unauthorized billing charges.
payment.py:12 Replace with environment variable: BILLING_API_KEY = os.environ.get('SKILLPAY_API_KEY', '')
Medium
Undeclared Network Communication
SKILL.md does not mention that the skill makes network requests to an external billing API (skillpay.me). This constitutes hidden functionality.
SKILL.md:1 Add a 'Network Usage' section documenting external API calls for billing
Low
Credential Stored in Version Control
If this repository is committed to version control, the hardcoded API key could be exposed in history.
payment.py:12 Use environment variables and add payment.py to .gitignore or remove before committing
Info
Billing Logic Auto-execution
The payment verification (require_payment()) could automatically charge users on every skill invocation if imported and called.
payment.py:67 Ensure billing is only triggered when explicitly requested by user
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred WRITE
Used for logs, backups, snapshots, evolution patches - declared in feature set Network Block
Declared NONE
→ Inferred READ
payment.py:25-67 makes requests to skillpay.me API with API key - not declared in SKILL.md Shell Pass
Declared NONE
→ Inferred NONE
No subprocess or shell execution detected Environment Pass
Declared NONE
→ Inferred READ
Reads SKILLPAY_USER_ID from environment for billing - legitimate use case Suspicious artifacts and egress
High API Key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" payment.py:12
Medium External URL
https://skillpay.me payment.py:11
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Standard HTTP library, no specific vulnerabilities |
| python-dateutil | >=2.8.0 | pip | No | Version pinned |
| pandas | >=2.0.0 | pip | No | Optional dependency for advanced analysis |
| psutil | >=5.9.0 | pip | No | Optional dependency for monitoring |
| matplotlib | >=3.7.0 | pip | No | Optional dependency for reporting |
File composition
9 files · 1662 lines
Python 5 files · 1300 linesMarkdown 2 files · 329 linesJSON 1 files · 19 linesText 1 files · 14 lines
Files of concern · 2
payment.py Hardcoded API Key · Credential Stored in Version Control · Billing Logic Auto-execution · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
SKILL.md Undeclared Network Communication
Other files · evolution_generator.py · version_manager.py · error_analyzer.py · performance_monitor.py · architecture.md · _meta.json +1
Security positives
No shell/subprocess execution detected - legitimate Python-only implementation
No sensitive path access (no ~/.ssh, ~/.aws, .env file reading for theft)
No base64 encoded commands or obfuscated payloads
No data exfiltration mechanisms detected
Version management includes backup/restore with human approval for changes
Evolution system requires --confirm flag for applying patches
No eval() or dangerous code execution patterns