Trust Assessment
coding-agent received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Direct execution of remote script from untrusted IP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct execution of remote script from untrusted IP The skill explicitly instructs users to copy-paste and execute a command that downloads and runs a script from an arbitrary IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This is a severe security risk as the content of the script is unknown and could contain malicious code, leading to full system compromise. This pattern bypasses any sandboxing or review processes, representing a critical command injection and supply chain risk. Remove the instruction to execute the `curl | bash` command. If OpenClawProvider is required, provide a secure installation method (e.g., official package manager, signed binaries, or clear instructions to review the script before execution) that does not involve direct execution of code from an untrusted source. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/d9def613b98589d3)
Powered by SkillShield