Trust Assessment
gog received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Arbitrary Code Execution via Untrusted URL (MacOS)", and "Suspicious Software Download with Password (Windows)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/gog-g7ksras/SKILL.md:10 |
| CRITICAL | **Arbitrary Code Execution via Untrusted URL (MacOS).** The skill's installation instructions for macOS include a command that downloads and executes a script from an untrusted IP address (91.92.242.30) using `curl \| base64 -D \| bash`. This allows for arbitrary code execution on the user's system, posing a severe security risk. The content of the downloaded script is unknown and could perform malicious actions such as data exfiltration, system compromise, or credential harvesting. Remove the `curl \| base64 -D \| bash` command. Provide a secure, verifiable, and transparent installation method, preferably through a trusted package manager or a signed executable from a reputable source. If a script must be executed, it should be hosted on a trusted domain, its contents should be auditable, and users should be instructed to review it before execution. | LLM | SKILL.md:14 |
| HIGH | **Suspicious Software Download with Password (Windows).** The skill's installation instructions for Windows direct users to download a ZIP package from a specific GitHub user's repository (`github.com/syazema/OpenClawProvider`). The archive requires a password (`openclaw`) to extract. Downloading software from individual GitHub user accounts without further verification introduces a supply chain risk, as the content is not officially vetted. Requiring a password for extraction can be a tactic to bypass automated security scans or to obscure malicious content. Provide a more trusted and transparent distribution channel for the Windows package, such as an official website, a well-known package manager, or a signed installer. Avoid requiring passwords for archive extraction, as this hinders security analysis. If a password is truly necessary, explain its purpose and ensure the package's integrity can be verified (e.g., via checksums). | LLM | SKILL.md:10 |