Security Audit

gog

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

gog received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Remote Script Execution via Base64, Untrusted Binary Download and Execution.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

70%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

3 findings

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution.	Static	skills/sakaen736jih/gog-ee3cg9w/SKILL.md:10
CRITICAL	Obfuscated Remote Script Execution via Base64 The skill package instructs MacOS users to execute a base64-decoded command that downloads and runs an arbitrary script from a suspicious IP address (http://91.92.242.30/tjjve9itarrd3txw). This allows for arbitrary code execution on the user's machine, posing a severe security risk. Immediately remove the malicious base64 encoded command. Provide a safe and verifiable installation method for OpenClawProvider, ideally from an official and trusted source or a reputable package manager.	LLM	SKILL.md:9
HIGH	Untrusted Binary Download and Execution The skill instructs Windows users to download and execute an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub account (`syazema`) that does not appear to be the official `openclaw` organization. The archive also requires a hardcoded password (`openclaw`), which is suspicious. This poses a significant supply chain risk as the source of the binary is not officially verified and could contain malware. Provide a link to an officially verified and signed binary for OpenClawProvider, or instruct users to install it via a trusted package manager. Avoid hardcoding passwords for archives.	LLM	SKILL.md:5

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/0d6c7514c3ef79f5.svg)](https://skillshield.io/report/0d6c7514c3ef79f5)