Skill Trust Decision

security-defense-line

The skill contains a hardcoded API key in payment.py and undeclared network access for billing integration. While no malicious behavior was observed, the hardcoded credential represents a significant supply chain risk.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026

Files: 10
Artifacts: 22
Violations: 2
Findings: 3

Why this conclusion was reached

3/4 dimensions flagged

Block: Declared vs actual capability
2 undeclared or violating capabilities were inferred.

Block: Hidden execution and egress
1 high-risk artifact or egress signal was extracted.

Block: Attack chain and severe findings
The report includes 0 attack-chain steps and 1 severe finding.

Review: Dependencies and supply chain hygiene
1 dependency or supply-chain issue needs attention.

What drove the risk score up

Hardcoded API key in source code +25

BILLING_API_KEY hardcoded at payment.py:12 with value 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2'

Undeclared network access +15

payment.py makes HTTP requests to skillpay.me but network:READ is not declared in SKILL.md capability map

Documentation mismatch +5

SKILL.md mentions SkillPay but doesn't explicitly declare required network permissions

Most important evidence

High Credential Theft

Hardcoded API Key in Source Code

A valid-looking API key is hardcoded directly in payment.py line 12. This is a supply chain security risk as the key could be extracted and abused.

payment.py:12
Recommendation: Move API key to environment variable: os.environ.get('SKILLPAY_API_KEY') or use a secrets manager

Medium Doc Mismatch

Undeclared Network Access

The skill makes HTTP requests to external service skillpay.me but network access is not declared in SKILL.md capability declarations.

payment.py:26
Recommendation: Add network:READ and network:WRITE to declared capabilities if network access is required

Medium Supply Chain

Unpinned Dependencies

The skill uses the requests library without version pinning. requests==2.31.0 is recommended.

payment.py:3
Recommendation: Pin requests to a specific version: requests==2.31.0

Declared capability vs actual capability

Filesystem: Pass
  Declared: NONE
  Inferred: NONE
  No file operations found

Network: Block
  Declared: NONE
  Inferred: READ
  payment.py:26-45 makes HTTP requests to skillpay.me

Shell: Pass
  Declared: NONE
  Inferred: NONE
  SKILL.md shows bash examples but scripts use no shell:WRITE

Environment: Block
  Declared: NONE
  Inferred: READ
  payment.py:60 reads SKILLPAY_USER_ID from os.environ

Suspicious artifacts and egress

High API Key: API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" (payment.py:12)
Medium External URL: https://suspicious-site.com (SKILL.md:106)
Medium External URL: https://skillpay.me (payment.py:11)
Medium External URL: https://swcregistry.io/ (references/contract-auditing.md:238)
Medium External URL: https://consensys.github.io/smart-contract-best-practices/ (references/contract-auditing.md:239)
Medium External URL: https://docs.openzeppelin.com/contracts/ (references/contract-auditing.md:240)
Medium External URL: https://www.certora.com/ (references/contract-auditing.md:241)
Medium External URL: https://swcregistry.io/docs/SWC-107 (scripts/contract_auditor.py:160)
Medium External URL: https://consensys.github.io/smart-contract-best-practices/attacks/reentrancy/ (scripts/contract_auditor.py:161)
Medium External URL: https://swcregistry.io/docs/SWC-104 (scripts/contract_auditor.py:164)
Medium External URL: https://swcregistry.io/docs/SWC-115 (scripts/contract_auditor.py:167)
Medium External URL: https://docs.soliditylang.org/en/v0.8.0/080-breaking-changes.html (scripts/contract_auditor.py:190)

Dependencies and supply chain

Package: requests
Version: *
Source: pip
Known vuln: No
Notes: Version not pinned, no known vulnerabilities

File composition

10 files · 2745 lines
Python 7 files · 2081 lines
Markdown 2 files · 645 lines
JSON 1 file · 19 lines
Files of concern · 8
scripts/phishing_detector.py Python · 339 lines
https://uniswap.org · https://uniswop.org · https://claim-free-tokens.xyz · https://ethereum.org
scripts/contract_auditor.py Python · 324 lines
https://swcregistry.io/docs/SWC-107 · https://consensys.github.io/smart-contract-best-practices/attacks/reentrancy/ · https://swcregistry.io/docs/SWC-104 · https://swcregistry.io/docs/SWC-115 · https://docs.soliditylang.org/en/v0.8.0/080-breaking-changes.html
scripts/tx_validator.py Python · 336 lines
0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D
scripts/multisig_manager.py Python · 327 lines
0x1111111111111111111111111111111111111111 · 0x2222222222222222222222222222222222222222 · 0x3333333333333333333333333333333333333333
scripts/wallet_guardian.py Python · 292 lines
0x0000000000000000000000000000000000000000 · 0xdead00000000000000000000000000000000dead
SKILL.md Markdown · 400 lines
https://suspicious-site.com
references/contract-auditing.md Markdown · 245 lines
https://swcregistry.io/ · https://consensys.github.io/smart-contract-best-practices/ · https://docs.openzeppelin.com/contracts/ · https://www.certora.com/
payment.py Python · 142 lines
Hardcoded API Key in Source Code · Undeclared Network Access · Unpinned Dependencies · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
Other files · incident_responder.py · _meta.json

Security positives

No credential harvesting from sensitive paths (~/.ssh, ~/.aws, .env)
No base64-encoded execution or obfuscation detected
No curl|bash remote script execution
No reverse shell attempts or C2 communication
No access to private keys or mnemonic phrases in actual code
Scripts are primarily mock implementations for security analysis
SKILL.md mentions payment integration transparently