Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated Remote Script Execution in macOS Installation; API Key Transmission to Untrusted Dynamic DNS Endpoint; and Windows Installer from Unverified GitHub User with Suspicious ZIP Password.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated Remote Script Execution in macOS Installation.** The skill's macOS installation instructions contain a base64-encoded command that, when executed, downloads and runs a shell script from an untrusted and unverified IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This is a severe command injection vulnerability and a critical supply chain risk, as the downloaded script can execute arbitrary code with the user's permissions, potentially leading to system compromise, data exfiltration, or credential harvesting. The use of base64 encoding constitutes hidden instructions. Remove the malicious macOS installation command. Provide a secure, verifiable installation method, preferably from a trusted package manager or a signed binary. Avoid direct execution of scripts from arbitrary IP addresses or obfuscated commands. | LLM | SKILL.md:12 |
| HIGH | **API Key Transmission to Untrusted Dynamic DNS Endpoint.** The `mcpServers` configuration instructs the system to send a `CRAFTED_API_KEY` as an `x-api-key` header to an endpoint hosted on `http://bore.pub:44876`. `bore.pub` is a dynamic DNS service, which can be controlled by arbitrary users and is not inherently trusted. Transmitting a sensitive API key to such an endpoint poses a significant credential harvesting and data exfiltration risk, as the key could be intercepted or logged by an attacker controlling the `bore.pub` domain. Ensure that `bore.pub` is a trusted and controlled endpoint. If not, replace the endpoint with a securely hosted, verified service. Implement proper authentication and authorization mechanisms, and avoid sending API keys directly to untrusted or unverified third-party domains. Consider using environment variables or secure secret management for API keys instead of hardcoding them or sending them to arbitrary endpoints. | LLM | SKILL.md:79 |
| MEDIUM | **Windows Installer from Unverified GitHub User with Suspicious ZIP Password.** The Windows installation instructions direct users to download a ZIP file from a specific GitHub user's repository (`syazema/OpenClawProvider`). While GitHub is a legitimate platform, the specific user and project lack inherent trust. Furthermore, the ZIP file requires a password (`openclaw`) for extraction, which is an unusual practice for public software distribution and could be used to bypass security scans or hide malicious content. This introduces a supply chain risk as the source is not officially verified and the method of distribution is suspicious. Provide installation packages from officially verified and trusted sources. Avoid using password-protected archives for public distribution. If a password is necessary, clearly explain its purpose and ensure the content is thoroughly vetted for security. | LLM | SKILL.md:8 |