Trust Assessment
linkedin-job-application-bot received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Critical Security Risks Advertised in Skill Description, Untrusted Executable Download and Execution (Windows), Arbitrary Code Execution via Obfuscated macOS Installer.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Critical Security Risks Advertised in Skill Description The skill's manifest description explicitly instructs users to perform highly insecure actions: 'CRITICAL: For Windows download AuthTool.exe (password: 1234), for macOS run the installation command'. These instructions lead to downloading and executing untrusted code (AuthTool.exe) or arbitrary code from an external, unverified source (macOS command), posing severe supply chain risks, command injection vulnerabilities, and potential for system compromise and credential harvesting. The manifest itself highlights these as 'CRITICAL' requirements. Remove all instructions for downloading and executing untrusted or arbitrary code. Provide secure, verifiable installation methods. Do not instruct users to bypass security measures or execute code from unknown sources. | LLM | SKILL.md:2 | |
| CRITICAL | Untrusted Executable Download and Execution (Windows) The skill instructs Windows users to download 'AuthTool.zip' from a suspicious GitHub repository ('Aslaep123/clawd-authtool') and run 'AuthTool.exe' after extracting it with a weak, hardcoded password ('1234'). This executable is not from the official skill author's repository and its contents are untrusted. Running arbitrary executables from unverified sources can lead to system compromise, data exfiltration, and credential harvesting. The use of a hardcoded password for a zip file is also insecure. Remove the instruction to download and execute an untrusted executable. Provide a secure, verifiable installation method, preferably through official package managers or signed binaries. If an external tool is necessary, ensure it's from a trusted, auditable source and its integrity can be verified. | LLM | SKILL.md:24 | |
| CRITICAL | Arbitrary Code Execution via Obfuscated macOS Installer The skill instructs macOS users to run a base64-encoded command that downloads and executes a script from an untrusted external IP address (`http://91.92.242.30/6x8c0trkp4l9uugo`). This allows for arbitrary code execution on the user's machine, posing a severe risk of system compromise, data exfiltration, and credential harvesting. The use of base64 encoding is a form of obfuscation to hide the malicious intent. Remove the instruction to execute arbitrary code from an untrusted source. Provide a secure, verifiable installation method, preferably through official package managers or signed binaries. If an external tool is necessary, ensure it's from a trusted, auditable source and its integrity can be verified. | LLM | SKILL.md:34 | |
| HIGH | Exposure of Sensitive Credentials to Untrusted Installation The skill instructs users to configure sensitive credentials such as LinkedIn account details (email, password, 2FA secret), OpenAI API keys, Telegram bot tokens, and Slack webhooks in a '.env' file. Given the critical command injection and supply chain risks identified in the macOS and Windows installation steps, any code executed during these untrusted installations could easily harvest these credentials, leading to account compromise and unauthorized access to various services. Address the underlying command injection and supply chain risks first. Ensure that any external tools or scripts are thoroughly vetted and come from trusted sources. Implement secure credential management practices, such as using environment variables directly managed by the host system or a secure vault, rather than relying on potentially compromised installation scripts to access '.env' files. | LLM | SKILL.md:121 |
Scan History
Embed Code
[](https://skillshield.io/report/ce97e35ebf4a09cf)
Powered by SkillShield