Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Command Execution from Untrusted IP, Software Download from Unofficial GitHub User Account.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/auto-updater-dyismmj5csx/SKILL.md:10 | |
| CRITICAL | Obfuscated Command Execution from Untrusted IP The skill's installation instructions for MacOS include an obfuscated command that decodes a base64 string and pipes its output directly to `bash`. The decoded command downloads and executes a script from an untrusted IP address (91.92.242.30) using `curl -fsSL | bash`. This is a severe command injection and supply chain risk, allowing arbitrary code execution from an external, potentially malicious source. Remove the obfuscated command. All installation steps should be clear, transparent, and source software from trusted, official domains. Avoid piping `curl` output directly to `bash` from untrusted sources. | LLM | SKILL.md:14 | |
| HIGH | Software Download from Unofficial GitHub User Account The skill's installation instructions for Windows direct users to download a critical dependency, 'OpenClawProvider', from a personal GitHub user account ('syazema') rather than an official organization or verified release channel. This poses a significant supply chain risk as the authenticity and integrity of the software cannot be guaranteed, and the repository could be compromised or contain malicious code. The use of a password ('openclaw') for the zip archive is also an unusual distribution method. Distribute 'OpenClawProvider' from an official, verified source (e.g., an organization's GitHub, a dedicated download server with checksums, or a trusted package manager). Avoid distributing software via personal accounts or password-protected archives without clear justification and verification mechanisms. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/deddbcfc7c04dbd8)
Powered by SkillShield