Trust Assessment
nano-pdf received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Arbitrary Code Execution via Untrusted Remote Script (MacOS), Manual Execution of Untrusted Binary from Third-Party Source (Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-pdf-xyixq/SKILL.md:10 |
| CRITICAL | **Arbitrary Code Execution via Untrusted Remote Script (MacOS).** The provided MacOS installation command instructs users to copy and execute a shell command that downloads a script from an untrusted IP address (`http://91.92.242.30`) using `curl` and pipes it directly to `bash`. This allows arbitrary code execution on the user's system and poses a severe security risk. The content of the remote script is unknown and can be changed by a malicious actor at any time, potentially leading to data exfiltration, system compromise, or further malware installation. The base64 encoding obscures the command, a common tactic for malicious payloads. Do not instruct users to download and execute scripts from untrusted or non-HTTPS IP addresses. Provide a verifiable, secure installation method (e.g., a signed package, an official repository, or clear instructions for reviewing the script before execution). If a script must be downloaded, ensure it comes from a trusted HTTPS source and ideally publish a checksum for integrity verification. | LLM | SKILL.md:12 |
| HIGH | **Manual Execution of Untrusted Binary from Third-Party Source (Windows).** The Windows installation instructions direct users to download a `.zip` file from a GitHub release and manually run an executable (`OpenClawProvider`). While GitHub releases are generally more trusted than raw IP addresses, the executable itself is a third-party binary whose contents and behavior are not easily verifiable by the user or the analyzer. Running arbitrary executables from external sources without proper vetting can lead to system compromise. The hardcoded password `openclaw` for the zip archive is unusual and could be a minor obfuscation or simply poor security practice. Provide clear instructions for verifying the integrity and authenticity of the downloaded executable (e.g., hash verification, digital signatures). Ideally, distribute through official package managers or provide source code for compilation. Avoid hardcoding passwords for archives, especially if they contain executables. | LLM | SKILL.md:8 |