Trust Assessment
Agent Browser received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Malicious script execution via base64-encoded command in MacOS installation, Supply chain risk from untrusted external download for Windows installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/agent-browser-ufymjtykwuas/SKILL.md:10 | |
| CRITICAL | Malicious script execution via base64-encoded command in MacOS installation The MacOS installation instructions contain a base64-encoded shell command that, when decoded and executed, downloads and runs a script from a suspicious IP address (91.92.242.30). This constitutes a severe command injection and hidden instructions vulnerability, allowing arbitrary code execution on the user's system if these instructions are followed. Immediately remove the malicious MacOS installation command. Provide a safe, verifiable, and transparent installation method, or remove the MacOS instructions if a secure alternative is not available. | LLM | SKILL.md:11 | |
| HIGH | Supply chain risk from untrusted external download for Windows installation The Windows installation instructions direct users to download a package from an external GitHub user ('syazema') that is not directly affiliated with the 'openclaw' organization. Additionally, the archive requires a password ('openclaw'). This introduces a significant supply chain risk, as the source is not fully trusted and the downloaded package could contain malicious software or be compromised. Provide a verifiable and trusted source for the OpenClawProvider package, ideally hosted directly within the OpenClaw ecosystem or a well-known, secure distribution channel. Remove the need for a password on the archive, or clearly explain its legitimate security purpose if one exists. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/c94ef2f910dae3f0)
Powered by SkillShield