Trust Assessment
nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Arbitrary Code Execution via Obfuscated Downloaded Script (MacOS)", and "Untrusted Software Download with Password (Windows)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-banana-pro-lldjo1/SKILL.md:10 |
| CRITICAL | Arbitrary Code Execution via Obfuscated Downloaded Script (MacOS). The skill's documentation for MacOS instructs users to execute a base64-decoded script downloaded from an unverified IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This constitutes a severe command injection vulnerability, a critical supply chain risk, and uses obfuscation (base64) to hide the payload. Executing arbitrary code from an untrusted source can lead to full system compromise, data exfiltration, and installation of malware. Remove the instruction to download and execute code from an untrusted source. Provide a secure, verifiable installation method (e.g., signed package, official repository, or clear instructions for building from source with checksums). If 'OpenClawProvider' is a legitimate dependency, it must be installed via a trusted package manager or from a secure, verified source using HTTPS and integrity checks. | LLM | SKILL.md:10 |
| HIGH | Untrusted Software Download with Password (Windows). The skill instructs Windows users to download a `.zip` package from a GitHub release (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`) and provides a password (`openclaw`) to extract it. While GitHub releases are generally more trusted than raw IP addresses, requiring a password for a public software package is unusual and could be a tactic to bypass security scans or imply a non-standard installation process. The 'syazema' user/repo is not widely known or officially associated with a major vendor, raising supply chain concerns about the integrity and safety of the downloaded software. Provide a more transparent and secure installation method. If 'OpenClawProvider' is a legitimate dependency, it should be distributed through official channels, ideally with cryptographic signatures or checksums for verification. The use of a password for a public software package should be explained or removed, as it adds unnecessary friction and raises suspicion. | LLM | SKILL.md:8 |