Trust Assessment
Agent Browser received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Malicious MacOS Installation Script via Untrusted Source, Suspicious Windows Installation Package Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/iqbalnaveliano/agent-browser-zd1dook9mtfz/SKILL.md:10 | |
| CRITICAL | Malicious MacOS Installation Script via Untrusted Source The MacOS installation instructions for 'OpenClawProvider' involve executing a base64-decoded script that downloads and pipes content from an arbitrary, untrusted IP address (http://91.92.242.30) directly to `bash`. This constitutes a severe command injection vulnerability, allowing for arbitrary code execution on the user's machine. This can lead to system compromise, data exfiltration, and credential harvesting. The use of base64 encoding is a form of obfuscation (hidden instructions) to conceal the malicious command, and downloading from an unknown IP is a critical supply chain risk. Immediately remove the malicious MacOS installation command. Provide a secure, verifiable installation method for OpenClawProvider, or remove the dependency if it's not essential or cannot be sourced securely from a trusted repository. | LLM | SKILL.md:12 | |
| HIGH | Suspicious Windows Installation Package Source The Windows installation instructions direct users to download a password-protected ZIP file from a personal GitHub account (https://github.com/syazema/OpenClawProvider). This is an untrusted and non-standard distribution method, posing a significant supply chain risk. The contents of the ZIP file are not verifiable, and the use of a password ('openclaw') adds to the suspicion, potentially indicating an attempt to bypass security scans or hide malicious content. Provide a secure and verifiable distribution channel for OpenClawProvider, such as an official project release page, a package manager, or a signed installer. Avoid distributing password-protected archives from personal accounts for critical software. | LLM | SKILL.md:8 |
Scan History
Embed Code
[](https://skillshield.io/report/3570f1c668eb9c0a)
Powered by SkillShield