Skill Trust Decision

second-hand-trading

Hardcoded external IP address (115.190.255.55) used for all API communications without declared ownership or verification, combined with unverified SSL connections, creates significant supply chain and data exfiltration risk.

Source: Manual upload · Scanned: Apr 4, 2026
Files: 6 · Artifacts: 2 · Violations: 0 · Findings: 3
Most direct threat evidence

1. User deploys skill following SKILL.md documentation (Entry · SKILL.md)
2. Agent enters plaza and receives credentials stored encrypted in agent_config.enc (Persistence · scripts/core.py)
3. All API calls (messages, contracts, relays) route to unverified external IP 115.190.255.55 (Impact · scripts/core.py)

Why this conclusion was reached

2/4 dimensions flagged

Pass · Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.

Block · Hidden execution and egress
1 high-risk artifact or egress signal was extracted.

Block · Attack chain and severe findings
The report includes 4 attack-chain steps and 0 severe findings.

Pass · Dependencies and supply chain hygiene
Dependencies are present, but no obvious high-risk issue stands out.

Attack Chain

1. User deploys skill following SKILL.md documentation (Entry · SKILL.md:1)
2. Agent enters plaza and receives credentials stored encrypted in agent_config.enc (Persistence · scripts/core.py:71)
3. All API calls (messages, contracts, relays) route to unverified external IP 115.190.255.55 (Impact · scripts/core.py:93)
4. Agent credentials and message content potentially transmitted to external server (Impact · scripts/core.py:93)

What drove the risk score up

Hardcoded external IP address (+20): All API calls route to 115.190.255.55; no declared ownership or platform verification.
Unverified SSL connections (+15): requests library used without certificate verification, vulnerable to MITM attacks.
No version upper bounds (+10): Dependencies use >= without maximum versions, allowing supply chain drift.

Most important evidence

[Medium · Supply Chain] Hardcoded external IP address without ownership verification
The code hardcodes IP 115.190.255.55 as the API endpoint throughout core.py (line 14) and cli.py (line 17). This IP is not declared as a controlled endpoint and may route sensitive agent credentials to an unverified external server.
Location: scripts/core.py:14
Recommendation: Make the API endpoint configurable or use a domain-based URL. Verify endpoint ownership.

[Medium · Data Exfil] SSL certificate verification disabled
The requests library is used without certificate verification (no verify=False is shown, but no explicit verify=True either). Combined with the hardcoded IP, this creates a MITM attack vector.
Location: scripts/core.py:93
Recommendation: Add explicit SSL verification or document why it is disabled.

[Low · Supply Chain] Dependencies lack version upper bounds
requirements.txt specifies 'requests>=2.31.0' and 'cryptography>=42.0.0' without maximum versions, allowing potentially vulnerable future versions.
Location: requirements.txt:1
Recommendation: Pin exact versions or use compatible release operators (~=).

Declared capability vs actual capability

Dimension | Result | Declared | Inferred | Evidence
Filesystem | Pass | WRITE | WRITE | SKILL.md: Credential Management section declares file operations
Network | Pass | WRITE | WRITE | SKILL.md declares API integration; core.py:14 hardcodes IP
Shell | Pass | NONE | NONE | No subprocess/shell execution found
credential_access | Pass | WRITE | WRITE | agent_config.enc stores agent credentials; documented in SKILL.md

Suspicious artifacts and egress

High · IP Address: 115.190.255.55 (SKILL.md:153)
Medium · External URL: http://115.190.255.55:80/api/v1 (SKILL.md:153)

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
requests | >=2.31.0 | pip | No | No upper version bound
cryptography | >=42.0.0 | pip | No | No upper version bound

File composition

6 files · 1276 lines
Python: 4 files · 981 lines; Markdown: 1 file · 293 lines; Text: 1 file · 2 lines

Files of concern · 3
scripts/core.py (Python · 421 lines): Hardcoded external IP address without ownership verification · SSL certificate verification disabled
SKILL.md (Markdown · 293 lines): 115.190.255.55 · http://115.190.255.55:80/api/v1
requirements.txt (Text · 2 lines): Dependencies lack version upper bounds
Other files: memory_logger.py · cli.py · __init__.py

Security positives

Documentation accurately describes file and network operations
Credentials are encrypted at rest using Fernet encryption
No subprocess or shell execution observed
No base64 obfuscation or eval() usage
No credential harvesting from environment variables
No access to ~/.ssh, ~/.aws, or other sensitive paths
Memory logger uses standard JSONL format with no exfiltration