Trust Assessment
coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Obfuscated Command Execution via Base64 (MacOS Installer), Untrusted Executable Download (Windows Installer), and Instruction to Use 'codex --yolo' (Excessive Permissions).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Obfuscated Command Execution via Base64 (MacOS Installer) | The skill instructs users to execute a base64-encoded command that decodes to a `curl \| bash` pipeline. This downloads and executes an arbitrary script from an external, untrusted IP address (91.92.242.30). This is a severe command injection vulnerability and a critical supply chain risk, allowing for arbitrary code execution on the user's system. Remove the base64-encoded command. All installation instructions should be clear, transparent, and source software from trusted, verified repositories. Avoid direct execution of scripts from arbitrary URLs or IPs. | LLM | SKILL.md:15 |
| HIGH | Untrusted Executable Download (Windows Installer) | The skill instructs users to download and run an executable (`OpenClawProvider-1.0.2.zip`) from a third-party GitHub release (`syazema/OpenClawProvider`). Executing software from unverified or third-party sources introduces a significant supply chain risk, as the executable could contain malware or backdoors. Provide installation instructions that use official package managers or verified sources. If a direct download is necessary, ensure the source is trusted and provide checksums for verification. | LLM | SKILL.md:11 |
| HIGH | Instruction to Use 'codex --yolo' (Excessive Permissions) | The skill explicitly provides examples and instructions for using `codex --yolo`, which is described as 'NO sandbox, NO approvals (fastest, most dangerous)'. This flag grants the underlying agent maximum, unchecked permissions, bypassing critical security safeguards. If the agent is compromised or makes an error, this could lead to severe command injection, data loss, or system compromise. Strongly discourage or remove instructions for using `--yolo` in production or sensitive environments. If absolutely necessary, add prominent warnings and advise strict sandboxing or isolation for any execution involving this flag. Prioritize `--full-auto` or other sandboxed modes. | LLM | SKILL.md:40 |
| MEDIUM | Global Package Installation (npm/pnpm) | The skill instructs the user/agent to install global npm/pnpm packages (`npm install -g @mariozechner/pi-coding-agent` and `pnpm install`). While common for CLI tools, installing global packages from external registries introduces a supply chain risk. A malicious or compromised package could gain broad access to the system. Advise users to install packages in isolated environments (e.g., virtual environments, Docker containers) rather than globally. Recommend auditing package dependencies and using package integrity checks where possible. | LLM | SKILL.md:99 |