Trust Assessment
nano-pdf received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Remote Code Execution via Obfuscated Bash Script, Suspicious Password-Protected Archive for Windows Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-pdf-quqdg/SKILL.md:10 | |
| CRITICAL | Remote Code Execution via Obfuscated Bash Script The MacOS installation instructions contain a `bash` command that decodes a base64 string and pipes it directly to `bash` for execution. The decoded string executes a `curl` command to download and run an arbitrary script from an untrusted IP address (`http://91.92.242.30/lamq4uerkruo6ssm`). This constitutes a severe command injection vulnerability and a hidden instruction, allowing for arbitrary remote code execution on the user's system if the LLM were to execute or recommend this command. Immediately remove the malicious MacOS installation command. Provide a safe, verifiable installation method, or clearly state that MacOS is not supported. | LLM | SKILL.md:11 | |
| HIGH | Suspicious Password-Protected Archive for Windows Installation The Windows installation instructions direct users to download a ZIP archive from GitHub that requires a password (`openclaw`) to extract. Requiring a password for a publicly distributed software package is highly unusual and suspicious, potentially indicating an attempt to evade security scans or hide malicious content, posing a supply chain risk. Remove the password protection from the archive or provide a clear, transparent explanation for its necessity and ensure the contents are benign. If the archive is intended to be private, it should not be part of public installation instructions. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/366ebbb1f2406b82)
Powered by SkillShield