Trust Assessment
coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include obfuscated remote script execution during installation, an explicit instruction to bypass security sandboxes and approvals, and unpinned dependencies in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated remote script execution during installation.** The macOS installation instructions for OpenClawProvider use `base64 -D \| bash` to execute a script downloaded from an unverified IP address (`http://91.92.242.30/tjjve9itarRd3txw`). This allows arbitrary code execution from an untrusted source without integrity checks, posing a severe command injection and supply chain risk. The script could contain malware, data exfiltration, or credential harvesting payloads. Remove the `base64 -D \| bash` command. Provide a secure installation method, such as a signed package, a script with checksum verification, or clear instructions for manual review and execution. Avoid direct execution of scripts from arbitrary IPs. | LLM | SKILL.md:14 |
| HIGH | **Explicit instruction to bypass security sandboxes and approvals.** The skill explicitly demonstrates and instructs the use of `codex --yolo` and `--full-auto` flags. The `--yolo` flag is described as 'NO sandbox, NO approvals (fastest, most dangerous)' and a shortcut for `--dangerously-bypass-approvals-and-sandbox`. This grants the AI agent the ability to execute arbitrary code and make changes without human oversight or sandboxing, leading to excessive permissions and a high risk of unintended or malicious actions. Re-evaluate the necessity of `--yolo` and `--full-auto` flags. If required, implement strict guardrails and human-in-the-loop approval processes for any actions taken with these flags. Ensure the LLM understands the severe implications of using these flags and only uses them under explicit, controlled circumstances. | LLM | SKILL.md:42 |
| MEDIUM | **Unpinned dependencies in installation instructions.** The skill instructs `npm install -g @mariozechner/pi-coding-agent` and `pnpm install` without specifying exact versions. This can lead to installing vulnerable or malicious versions of packages if the upstream registry is compromised or a package maintainer introduces malicious code. Unpinned dependencies are a common supply chain risk. Pin all dependencies to specific, known-good versions (e.g., `npm install -g @mariozechner/pi-coding-agent@1.2.3`). Implement a mechanism to verify package integrity (e.g., checksums). | LLM | SKILL.md:90 |
| MEDIUM | **Potential for data exfiltration and command injection via `git push` and `gh pr create/comment`.** The skill demonstrates the use of `git push` and `gh pr create/comment` commands, and explicitly instructs the agent to 'Commit and push' when using `codex --yolo`. When combined with the `--yolo` flag (bypassing approvals and sandboxing) and an AI agent's ability to generate content, there is a risk of sensitive internal data being pushed to public repositories or included in public PR comments. Additionally, `git push` could be used to inject malicious code into a repository. Implement strict content filtering and approval mechanisms for any data being pushed to external repositories or posted to public platforms by the AI agent. Ensure that the agent's access tokens for `git` and `gh` are scoped to the minimum necessary permissions. | LLM | SKILL.md:112 |