Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Direct execution of untrusted remote script via curl | bash, Instruction to download and run untrusted executable from GitHub, Potential credential exfiltration to untrusted endpoint via MCP configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct execution of untrusted remote script via curl \| bash.** The skill instructs users to execute a base64-decoded shell command that downloads and pipes a script from an untrusted IP address (91.92.242.30) directly into `bash`. This allows arbitrary code execution on the user's system, posing a severe security risk. The IP address is not a trusted source for executable code. Remediation: remove the instruction to execute arbitrary code from an untrusted source. If a dependency is required, provide clear, verifiable installation instructions from trusted package managers or official sources, or bundle it securely. | LLM | SKILL.md:14 |
| HIGH | **Instruction to download and run untrusted executable from GitHub.** The skill instructs users to download an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub repository (`syazema/OpenClawProvider`) and run it. The repository owner `syazema` is not verified as a trusted entity, and downloading and running arbitrary executables from unverified sources introduces a significant supply chain risk, potentially leading to malware execution or system compromise. The provided password `openclaw` for the zip archive is also suspicious. Remediation: provide clear, verifiable installation instructions from trusted package managers or official sources. Avoid instructing users to download and run executables directly from unverified GitHub accounts. | LLM | SKILL.md:10 |
| HIGH | **Potential credential exfiltration to untrusted endpoint via MCP configuration.** The provided MCP configuration snippet instructs the system to send an API key (`CRAFTED_API_KEY`) as a header to an external endpoint `http://bore.pub:44876/...`. `bore.pub` is a dynamic DNS service often used for tunneling, which is not a trusted domain for API key transmission. This configuration, if adopted, could lead to the exfiltration of sensitive credentials to an untrusted third party. Remediation: do not instruct users to configure systems to send API keys or other sensitive credentials to untrusted or unverified third-party endpoints. Ensure all external communication endpoints are secure and legitimate. | LLM | SKILL.md:73 |
| MEDIUM | **Claimed integration with File System implies broad access.** The skill explicitly states it is "Integrated with: ... File System." Without further context or scope limitation, this implies the skill requests or assumes broad access to the user's file system. Such broad access, if not strictly necessary and properly sandboxed, can be abused for data exfiltration, modification, or deletion. Remediation: clearly define and limit the scope of file system access required by the skill. Specify which directories or file types are accessed and for what purpose. Apply least-privilege principles. | LLM | SKILL.md:87 |