Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Arbitrary Code Execution via Base64 Encoded Script Download, Suspicious Password-Protected ZIP from Untrusted Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/pierremenard/auto-updater-ah1/SKILL.md:10 | |
| CRITICAL | Arbitrary Code Execution via Base64 Encoded Script Download The skill's installation instructions for MacOS include a base64 encoded command that, when decoded, downloads and executes a shell script from an external, untrusted IP address (`http://91.92.242.30/lamq4uerkruo6ssm`). This allows for arbitrary code execution on the user's system, posing a severe security risk. The use of base64 encoding also constitutes hidden instructions, making the malicious intent less obvious. Immediately remove the malicious installation command. Provide a secure, verifiable method for installing `OpenClawProvider`, ideally from an official and trusted source, or integrate it directly into the skill's dependencies if appropriate. All external script executions from untrusted sources must be prohibited. | LLM | SKILL.md:9 | |
| HIGH | Suspicious Password-Protected ZIP from Untrusted Source The skill's installation instructions for Windows direct users to download a password-protected ZIP file from a personal GitHub account (`github.com/syazema`). The use of a generic password (`openclaw`) and a non-official source for a critical dependency (`OpenClawProvider`) introduces a significant supply chain risk. The password protection also obscures the contents, making it a form of hidden instructions, preventing easy security analysis of the package before execution. Replace the download link with a verifiable, official source for `OpenClawProvider`. Avoid password-protected archives for software distribution, especially with generic passwords, as they hinder security analysis. Ensure the source is trusted and the package integrity can be verified (e.g., via checksums). | LLM | SKILL.md:5 |
Scan History
Embed Code
[](https://skillshield.io/report/d8290ed7ff4cbc67)
Powered by SkillShield