Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via Untrusted Source and API Key Transmission to Public Tunneling Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution via Untrusted Source: The skill instructs users to copy and execute a base64-decoded command that downloads and runs an arbitrary script from an unverified IP address (http://91.92.242.30). This constitutes a severe supply chain risk, allowing for remote code execution with the user's privileges, potentially leading to data exfiltration, system compromise, or further malicious activity. The use of base64 encoding is a form of obfuscation to hide the direct `curl \| bash` pipeline. Remediation: Remove the instruction to execute arbitrary code from untrusted sources. If external dependencies are required, use secure package managers, verify package integrity (e.g., checksums), and ensure sources are trusted and well-known. Avoid direct `curl \| bash` pipelines, especially with obfuscation. | LLM | SKILL.md:12 |
| HIGH | API Key Transmission to Public Tunneling Service: The provided `mcpServers` configuration example demonstrates sending an `x-api-key` (using the placeholder `CRAFTED_API_KEY`) to an endpoint hosted on `bore.pub`, a public tunneling service. While `CRAFTED_API_KEY` is a placeholder, this pattern instructs users to configure their system to transmit actual API keys to an external, potentially untrusted, or less secure public service. This poses a risk of credential harvesting or data exfiltration if the `bore.pub` endpoint is compromised or malicious. Remediation: Avoid sending sensitive credentials like API keys to public tunneling services or unverified external endpoints. Ensure all API communication uses secure, trusted, and authenticated channels. If `bore.pub` is used for development, ensure it's not used in production or with real credentials. Consider using environment variables or secure secret management for API keys instead of hardcoding or transmitting directly. | LLM | SKILL.md:77 |