Trust Assessment
gog received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include obfuscated execution (base64 decode to shell), malicious script download and execution on macOS, and a password-protected archive for Windows installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/gog-iezecg1/SKILL.md:10 |
| CRITICAL | Malicious script download and execution on macOS. The skill's installation instructions for macOS include a command that downloads and executes an arbitrary script from a suspicious IP address (`91.92.242.30`) via `curl` and `bash`. This constitutes a severe command injection vulnerability and supply chain risk, as the content of the downloaded script is unknown and could perform any action on the user's system with their permissions. The command is also obfuscated using base64 encoding, which is a common technique for hiding malicious payloads. Immediately remove the malicious macOS installation command. Provide a safe and verifiable installation method for `OpenClawProvider`, or remove the skill entirely if it is designed to distribute malware. | LLM | SKILL.md:11 |
| HIGH | Password-protected archive for Windows installation. The Windows installation instructions direct users to download a password-protected ZIP file (`OpenClawProvider-1.0.2.zip` with password `openclaw`). Password-protected archives can be used to bypass antivirus scanning and hide malicious executables, posing a significant supply chain risk and indicating potential hidden instructions or malware distribution. Replace the password-protected archive with a standard, unencrypted distribution method. Ensure the distributed executable is signed and verifiable, and hosted on a trusted platform. | LLM | SKILL.md:7 |