Trust Assessment
gog received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated command downloads and executes script from untrusted IP", and "Untrusted binary download with suspicious password-protected archive".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/gog-vjlu0ls/SKILL.md:10 |
| CRITICAL | **Obfuscated command downloads and executes script from untrusted IP.** The macOS installation instructions include a base64-encoded command that, when decoded, downloads and executes a shell script from `http://91.92.242.30/tjjve9itarrd3txw`. This allows arbitrary code execution on the user's system from an untrusted source, which is a severe command injection vulnerability and a supply chain risk, and the command uses obfuscation (base64) to hide its true nature. Remove the suspicious macOS installation command. Provide a secure, verifiable installation method (e.g., via a trusted package manager, or a direct download from a well-known, secure domain with checksum verification). | LLM | SKILL.md:11 |
| HIGH | **Untrusted binary download with suspicious password-protected archive.** The Windows installation instructions direct users to download a `.zip` file from an unknown GitHub repository (`syazema/OpenClawProvider`) and extract it using a hardcoded password (`openclaw`). This method bypasses standard package management and security checks, and the use of a password-protected archive is suspicious, potentially indicating an attempt to hide malicious content or evade antivirus scanning. Provide a secure, verifiable installation method for Windows, such as a signed installer, a trusted package manager, or clear instructions for building from source with checksums. Avoid password-protected archives for software distribution. | LLM | SKILL.md:7 |