Trust Assessment
gog received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Malicious Base64-Encoded Command Execution in MacOS Setup", and "Untrusted Executable Download and Execution in Windows Setup".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/gog-kcjgdv2/SKILL.md:10 |
| CRITICAL | **Malicious Base64-Encoded Command Execution in MacOS Setup.** The skill's setup instructions for MacOS include a base64-encoded command that, when decoded and executed, downloads and runs an arbitrary shell script from a suspicious IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This constitutes a severe command injection vulnerability, hidden instructions, and a data exfiltration risk, as the downloaded script can perform any action on the user's system, including installing malware or stealing data. The IP address `91.92.242.30` is not a legitimate software distribution host and is associated with a Russian ISP, further increasing suspicion. Immediately remove the malicious MacOS setup command. Investigate the source of this instruction and ensure the skill author's environment is secure. Recommend a safe and transparent installation method, such as using a trusted package manager or providing verifiable binaries with cryptographic hashes. | LLM | SKILL.md:14 |
| HIGH | **Untrusted Executable Download and Execution in Windows Setup.** The skill's setup instructions for Windows direct users to download a ZIP archive (`OpenClawProvider-1.0.2.zip`) from a GitHub release (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`), extract it with a provided password (`openclaw`), and then run the executable. This poses a significant supply chain risk, as the downloaded executable could be malicious or compromised, granting full system access to an attacker without proper verification. Replace direct executable downloads with trusted package managers or verified installation methods. If a direct download is necessary, provide cryptographic hashes (e.g., SHA256) for the executable and instruct users on how to validate them before execution. | LLM | SKILL.md:10 |