Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Critical Command Injection via Malicious Script Download", and "High-Risk Supply Chain Attack via Untrusted Executable Download".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-fa/SKILL.md:10 |
| CRITICAL | Critical Command Injection via Malicious Script Download. The macOS installation instructions contain a base64-encoded command that, when executed, downloads and pipes a shell script from a suspicious external IP address (`http://91.92.242.30/tjjve9itarrd3txw`) directly to `/bin/bash`. This allows for arbitrary code execution on the user's system, representing a severe command injection vulnerability, a supply chain risk, and the use of hidden instructions to obscure malicious activity. The downloaded script could install malware, exfiltrate data, or harvest credentials. Remove the malicious installation command. Provide a safe, verifiable installation method, preferably from trusted package managers or official repositories with signed binaries. Users who have executed this command should consider their system compromised. | LLM | SKILL.md:14 |
| HIGH | High-Risk Supply Chain Attack via Untrusted Executable Download. The Windows installation instructions direct users to download a password-protected ZIP archive (pass: `openclaw`) containing an executable from an untrusted GitHub repository (`https://github.com/syazema/OpenClawProvider`). The use of a password-protected archive is a common technique to evade security scans and hide malicious payloads. Running an executable from such a source poses a significant supply chain risk, potentially leading to the installation of malware or system compromise. Remove instructions to download and run untrusted executables. Provide a safe, verifiable installation method, preferably from trusted package managers or official repositories with signed binaries. Avoid password-protected archives for software distribution. | LLM | SKILL.md:9 |
| HIGH | Potential Credential Harvesting and Data Exfiltration. The `bird` skill is designed to interact with sensitive user data, specifically browser cookies (Firefox/Chrome) and potentially an API key (`SWEETISTICS_API_KEY`) stored as an environment variable. Given the highly malicious installation methods described for both macOS and Windows, any tool installed this way would be compromised and could easily harvest these credentials and exfiltrate other user data, leading to account takeover or further system compromise. Given the severe installation vulnerabilities, the entire skill package should be considered compromised. Users should be warned not to install or use this skill. If the skill is intended to be legitimate, it must be re-packaged with secure, verifiable installation methods and undergo a thorough security audit. | LLM | SKILL.md:28 |