Trust Assessment
nano-pdf received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Command Injection via Base64 Encoded Script, Untrusted Binary Download and Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-pdf-q3e3z/SKILL.md:10 | |
| CRITICAL | Obfuscated Command Injection via Base64 Encoded Script The skill's installation instructions for MacOS include a base64-encoded command that, when decoded, downloads and executes an arbitrary script from a suspicious IP address (http://91.92.242.30). This allows for immediate execution of untrusted code on the user's system, posing a severe command injection and supply chain risk. The downloaded script could perform malicious actions, including data exfiltration, system compromise, or further malware installation. Remove the obfuscated command. If `OpenClawProvider` is a legitimate dependency, provide a secure, verifiable installation method, preferably from an official and trusted source, or integrate it directly into the skill's package management system if possible. Avoid direct execution of scripts downloaded from arbitrary URLs. | LLM | SKILL.md:13 | |
| HIGH | Untrusted Binary Download and Execution The skill's installation instructions for Windows direct users to download a ZIP archive containing an executable (`OpenClawProvider-1.0.2.zip`) from an unofficial GitHub repository (syazema/OpenClawProvider). The archive is password-protected, which can be used to bypass security scans. Running executables from untrusted or unverified sources introduces a significant supply chain risk, as the executable could contain malicious code, leading to system compromise. Remove instructions to download and run executables from untrusted sources. If `OpenClawProvider` is a legitimate dependency, provide a secure, verifiable installation method, preferably from an official and trusted source, or integrate it directly into the skill's package management system if possible. Avoid instructing users to run password-protected executables from external links. | LLM | SKILL.md:8 |
Scan History
Embed Code
[](https://skillshield.io/report/afb1752550d1081e)
Powered by SkillShield