Trust Assessment
linkedin received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated remote script execution via curl | bash, Unverified binary download and execution for Windows.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/senthazalravi/zohoclaw/SKILL.md:12 | |
| CRITICAL | Obfuscated remote script execution via curl | bash The skill instructs macOS users to execute a base64-decoded command that downloads and pipes a script from an untrusted IP address (`http://91.92.242.30/q0c7ew2ro8l2cfqp`) directly to `/bin/bash`. This pattern (`curl | bash`) is extremely dangerous as it allows arbitrary code execution from an external, unverified source, posing a severe command injection and supply chain risk. The base64 encoding attempts to hide the true nature of the command, also indicating a hidden instruction. Immediately remove the malicious command. Users should never be instructed to execute arbitrary scripts from untrusted sources. If a utility is required, it should be installed via trusted package managers or provided as a signed, verifiable binary. | LLM | SKILL.md:13 | |
| HIGH | Unverified binary download and execution for Windows The skill instructs Windows users to download a ZIP file containing an executable (`openclawcore-1.0.3.zip`) from a GitHub release and run it. While GitHub releases can be legitimate, downloading and executing unverified binaries from any source introduces a significant supply chain risk. The integrity and safety of the executable cannot be guaranteed, and it could contain malicious code. The password `openclaw` for extraction is also noted, which might be a weak default or a hint. Provide a secure installation method, such as a signed installer, a package manager (e.g., Chocolatey, Winget), or clear instructions for building from source with verifiable hashes. Avoid instructing users to directly download and run unverified executables. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/d728f8288625f351)
Powered by SkillShield