Trust Assessment
coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated Remote Script Execution via Base64, Untrusted Third-Party Executable Download, Untrusted Third-Party NPM Package Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Script Execution via Base64 | The skill explicitly instructs the user to execute a base64-encoded command that, when decoded, downloads and immediately executes a shell script from an external, untrusted IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This allows arbitrary code execution on the user's machine, posing a severe command injection and supply chain risk. The use of base64 encoding also constitutes hidden instructions. | Remove the instruction to execute the base64-encoded command. Provide a safer, auditable installation method, or host any necessary scripts on a trusted domain with clear content and integrity verification. | LLM | SKILL.md:11 |
| HIGH | Untrusted Third-Party Executable Download | The skill instructs the user to download and run an executable (`OpenClawProvider-1.0.2.zip`) from a third-party GitHub repository (`https://github.com/syazema/OpenClawProvider`). This introduces a significant supply chain risk as the integrity and security of the executable depend entirely on the `syazema` account and repository, which may not be officially vetted or controlled. A compromised executable could lead to arbitrary code execution. | Host the `OpenClawProvider` package on a trusted, official domain or provide clear instructions for users to verify the authenticity and integrity (e.g., checksums, signed binaries) of the downloaded executable. | LLM | SKILL.md:7 |
| MEDIUM | Untrusted Third-Party NPM Package Installation | The skill explicitly instructs the user to globally install an npm package (`@mariozechner/pi-coding-agent`) from a specific user's scope. This introduces a supply chain risk as the integrity of the package depends on the `mariozechner` account and its npm package, which may not be officially vetted or controlled. A compromised package could lead to arbitrary code execution on the user's system. | Recommend installing packages locally or from officially vetted sources. Provide instructions for verifying package integrity (e.g., auditing, checking source code) or consider hosting the package within a controlled environment. | LLM | SKILL.md:110 |