Trust Assessment
linkedin received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Script Execution via Base64 Encoded Command", and "Untrusted Executable Download for Windows Installation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell | Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/senthazalravi/zohoclaw/skills/linkedin-y5b/SKILL.md:12 |
| CRITICAL | Obfuscated Remote Script Execution via Base64 Encoded Command | The macOS installation instructions include a base64-encoded shell command that, when decoded, fetches and executes a script from an external, unverified IP address (`http://91.92.242.30/q0c7ew2ro8l2cfqp`). This constitutes a severe command injection, hidden instructions, and supply chain risk. Executing arbitrary code from an untrusted remote source can lead to full system compromise, data exfiltration, and credential harvesting. Remove the direct execution of remote scripts. Provide clear, auditable installation instructions, preferably using trusted package managers or signed binaries from officially vetted sources. If a script must be downloaded, it should be reviewed, hosted securely, and its integrity verified (e.g., via checksums). | LLM | SKILL.md:14 |
| HIGH | Untrusted Executable Download for Windows Installation | The Windows installation instructions direct users to download a `.zip` file containing an executable (`openclawcore-1.0.3.zip`) from a user-controlled GitHub repository (`github.com/denboss99/openclaw-core`). Downloading and running executables from unverified third-party sources introduces a significant supply chain risk, as the executable could contain malware or perform malicious actions without the user's full awareness. Provide installation instructions that use trusted package managers, official distribution channels, or signed binaries. If a direct download is necessary, ensure the source is officially vetted and provide checksums for integrity verification. | LLM | SKILL.md:11 |