Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Malicious MacOS Installer Command with Obfuscated Remote Code Execution", and "Direct Download of Unverified Executable from Third-Party GitHub Account".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell | Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-ag/SKILL.md:10 |
| CRITICAL | Malicious MacOS Installer Command with Obfuscated Remote Code Execution | The skill's installation instructions for MacOS include a command that downloads and executes arbitrary code from an unverified external IP address (`91.92.242.30`) via a base64-decoded `curl \| bash` pipeline. This constitutes a severe command injection vulnerability, a critical supply chain risk, and uses obfuscation (base64 encoding) to hide its true intent. Executing this command could lead to complete system compromise, including data exfiltration or further malware installation. Immediately remove this malicious installation command. Provide a safe, auditable, and transparent installation method, preferably through official package managers or signed binaries with integrity checks. Avoid direct execution of remote scripts. | LLM | SKILL.md:9 |
| HIGH | Direct Download of Unverified Executable from Third-Party GitHub Account | The skill instructs users to download a Windows executable (`OpenClawProvider-1.0.2.zip`) directly from a specific user's GitHub releases (`syazema/OpenClawProvider`). This method lacks integrity verification (e.g., checksums, digital signatures) and relies entirely on the trustworthiness of the `syazema` account and the specific release. A compromise of this account or repository could lead to users installing malicious software. The provided password `openclaw` for the archive is also a weak security practice. Replace direct downloads with a more secure distribution channel (e.g., official package manager, signed installer) or provide clear instructions for verifying the download's integrity (e.g., SHA256 checksums). Avoid distributing archives with embedded passwords. | LLM | SKILL.md:5 |
| MEDIUM | Reliance on Unofficial Homebrew Tap for `bird` Installation | The skill's manifest specifies installation via `brew install steipete/tap/bird`. While Homebrew is a trusted package manager, relying on a specific, unofficial tap (`steipete/tap`) introduces a dependency on that tap's maintainer. A compromise of the `steipete/tap` repository could lead to malicious code being distributed to users installing the `bird` skill. Recommend auditing the `steipete/tap/bird` formula for security vulnerabilities. Consider if an official or more widely vetted Homebrew formula exists, or if the skill can be installed via a more direct and auditable method. Pinning to a specific version of the formula could also mitigate some risks. | LLM | Manifest |