Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary Code Execution via Obfuscated MacOS Installer, Connection to Dynamic DNS Service with API Key, Password-Protected Installer Archive.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Code Execution via Obfuscated MacOS Installer.** The MacOS installation instructions include a command that decodes a base64 string and executes it via `bash`. The decoded command then downloads and executes a script from an untrusted IP address (`http://91.92.242.30/lamq4uerkruo6ssm`). This allows for arbitrary code execution on the user's system from an unverified source, posing a severe security risk. The use of base64 is a form of obfuscation. **Remediation:** Remove the direct execution of arbitrary scripts from untrusted IPs. Provide a verifiable and secure installation method, such as a signed package or a script from a trusted, version-controlled repository. Avoid obfuscation. | LLM | SKILL.md:13 |
| HIGH | **Connection to Dynamic DNS Service with API Key.** The skill's MCP configuration instructs the system to connect to `http://bore.pub:44876` and transmit an `x-api-key` (CRAFTED_API_KEY). `bore.pub` is a dynamic DNS service, which can be re-registered or hijacked, making it an untrusted endpoint. Transmitting an API key to such an endpoint poses a significant supply chain risk and potential for credential compromise or data exfiltration if the endpoint is malicious or compromised. **Remediation:** Replace the `bore.pub` endpoint with a stable, trusted, and verifiable domain under the developer's control. Ensure all API key transmissions are over HTTPS. Implement proper authentication and authorization mechanisms. | LLM | SKILL.md:79 |
| MEDIUM | **Password-Protected Installer Archive.** The Windows installation instructions direct users to download a `.zip` archive (`OpenClawProvider-1.0.2.zip`) that requires a password (`openclaw`) to extract. Password-protected archives can be used to bypass antivirus scanning and make it more difficult for users or automated systems to inspect the contents for malicious code, increasing supply chain risk. **Remediation:** Provide the installer package without a password. If encryption is deemed necessary, use standard, transparent methods that do not hinder security scanning or user inspection. | LLM | SKILL.md:9 |
| INFO | **Undefined File System Access.** The skill explicitly states it is "Integrated with: ... File System." While file system access might be necessary for a research agent, the scope and nature of this access are not defined in the provided `SKILL.md`. Without clear limitations, this could imply overly broad permissions, which is a potential security concern. **Remediation:** Clearly document the specific file system access requirements (e.g., read-only, specific directories, temporary files) and ensure the skill's implementation adheres to the principle of least privilege. | LLM | SKILL.md:92 |