Trust Assessment
clawdhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Direct execution of remote, obfuscated script via base64 and curl, Untrusted executable download and execution instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/clawdhub-itmu0eevs9/SKILL.md:10 | |
| CRITICAL | Direct execution of remote, obfuscated script via base64 and curl The skill instructs users to copy and execute a base64-encoded command that decodes to a shell script. This script then downloads and executes another script from an unknown IP address (91.92.242.30) over an insecure HTTP connection directly into bash. This allows for arbitrary code execution on the user's system, bypassing security checks and potentially installing malware or exfiltrating data. The use of base64 encoding constitutes a hidden instruction. Remove the instruction to execute the base64-encoded command. If an installer is truly necessary, provide a secure, verifiable, and transparent installation method from a trusted source, preferably using a package manager or signed executable. | LLM | SKILL.md:15 | |
| HIGH | Untrusted executable download and execution instruction The skill instructs users to download a ZIP package containing an executable from a GitHub repository (`syazema/OpenClawProvider`) that does not appear to be the official OpenClawProvider project (which would typically be under an 'openclaw' organization). The package requires a password ('openclaw') for extraction, which is a suspicious practice for legitimate software distribution. Running executables from untrusted or unverified sources poses a significant supply chain risk, as the executable could contain malware or perform malicious actions. Remove the instruction to download and run the OpenClawProvider package from this untrusted source. If OpenClawProvider is a legitimate dependency, provide clear instructions to obtain it from its official, verified source, or integrate it securely into the skill's installation process. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/b840bb18d8822543)
Powered by SkillShield