Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary Code Execution via Obfuscated Shell Command in Setup Instructions, Insecure Communication Channel via Public Tunneling Service in MCP Configuration, Untrusted Binary Download in Windows Setup Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Code Execution via Obfuscated Shell Command in Setup Instructions.** The skill's macOS setup instructions include a command that decodes a base64 string and pipes it directly to 'bash'. This executes arbitrary code downloaded from an untrusted IP address (91.92.242.30). This is a severe command injection and supply chain risk, allowing for complete compromise of the user's system if these instructions are followed. Remediation: Remove the obfuscated shell command. Provide a secure, verifiable installation method, such as a signed package from a trusted repository, or clear instructions for manual compilation from a public source code repository. Avoid direct execution of code from untrusted or ephemeral IP addresses. | LLM | SKILL.md:13 |
| HIGH | **Insecure Communication Channel via Public Tunneling Service in MCP Configuration.** The provided 'mcpServers' configuration example uses an HTTP connection to 'bore.pub', a public tunneling service. Relying on an unencrypted HTTP connection to a public tunneling service for agent communication introduces significant supply chain risks, including potential for man-in-the-middle attacks, data interception, and reliance on an ephemeral, untrusted endpoint that could be compromised or repurposed. Remediation: Replace the 'bore.pub' endpoint with a secure, dedicated, and authenticated HTTPS endpoint. If a tunneling service is absolutely necessary, ensure it uses end-to-end encryption and is from a trusted provider, and ideally, self-hosted or managed. Emphasize the use of HTTPS for all external communications. | LLM | SKILL.md:75 |
| MEDIUM | **Untrusted Binary Download in Windows Setup Instructions.** The Windows setup instructions direct users to download a ZIP archive containing an executable from a GitHub release page (github.com/syazema/OpenClawProvider). While GitHub is a common platform, downloading and executing binaries directly from potentially unknown publishers without checksum verification or code signing introduces a supply chain risk. The provision of a password ('openclaw') for the zip file is also unusual and does not enhance security. Remediation: Provide cryptographic hashes (e.g., SHA256) for downloaded binaries to allow users to verify integrity. Ideally, distribute through trusted package managers or provide signed executables. Clearly state the publisher's identity and provide links to source code for review. | LLM | SKILL.md:10 |