Trust Assessment
coding-agent received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Remote script execution via base64 encoded command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote script execution via base64 encoded command The skill provides an explicit instruction for the user to execute a base64 decoded command. This command downloads and executes a script from a suspicious, non-standard IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This constitutes a severe command injection vulnerability and a supply chain risk, as it allows arbitrary code execution from an external, untrusted source. The use of base64 encoding also falls under hidden instructions, as it obfuscates the immediate action. Remove the instruction to execute the base64 encoded command. If external dependencies are required, provide clear, verifiable installation instructions from trusted sources (e.g., official package managers, GitHub releases with checksums). Avoid direct execution of scripts from arbitrary URLs or obfuscated commands. | LLM | SKILL.md:13 |
Scan History
Embed Code
[](https://skillshield.io/report/6f96957395ca6699)
Powered by SkillShield