Trust Assessment
privatedeepsearch-claw received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 4 high, 3 medium, and 0 low severity. Key findings include Missing required field: name, Unpinned external dependency download (Mullvad), External binary download from third-party repository (ProtonVPN).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned external dependency download (Mullvad) The skill instructs the user to download the 'latest' version of the Mullvad VPN client using `curl -L https://mullvad.net/download/app/linux/latest`. Downloading unpinned versions from external URLs introduces a significant supply chain risk, as a malicious update could be pushed to the 'latest' endpoint without explicit version control or user verification. Pin the version of the Mullvad client to be downloaded (e.g., `https://mullvad.net/download/app/linux/1.23.4/mullvad.deb`) to ensure deterministic and verifiable installations. Alternatively, provide checksums for downloaded files to verify integrity. | LLM | SKILL.md:64 | |
| HIGH | Instructions for executing commands with elevated privileges (ProtonVPN dpkg) The skill provides instructions for installing software using `sudo dpkg -i`. If an AI agent is prompted to execute these setup steps, it could lead to arbitrary command execution with root privileges, potentially compromising the host system. This command installs a downloaded package, which could be malicious. Avoid providing direct `sudo` commands in skill documentation intended for LLM interpretation and execution. If system-level setup is required, clearly delineate it as a manual user step, or provide a sandboxed environment/tool for execution. | LLM | SKILL.md:53 | |
| HIGH | Instructions for executing commands with elevated privileges (ProtonVPN apt) The skill provides instructions for installing software using `sudo apt update && sudo apt install`. If an AI agent is prompted to execute these setup steps, it could lead to arbitrary command execution with root privileges, potentially compromising the host system. This command updates package lists and installs software. Avoid providing direct `sudo` commands in skill documentation intended for LLM interpretation and execution. If system-level setup is required, clearly delineate it as a manual user step, or provide a sandboxed environment/tool for execution. | LLM | SKILL.md:54 | |
| HIGH | Instructions for executing commands with elevated privileges (Mullvad dpkg) The skill provides instructions for installing software using `sudo dpkg -i`. If an AI agent is prompted to execute these setup steps, it could lead to arbitrary command execution with root privileges, potentially compromising the host system. This command installs a downloaded package, which could be malicious. Avoid providing direct `sudo` commands in skill documentation intended for LLM interpretation and execution. If system-level setup is required, clearly delineate it as a manual user step, or provide a sandboxed environment/tool for execution. | LLM | SKILL.md:65 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/romancircus/privatedeepsearch-claw/SKILL.md:1 | |
| MEDIUM | External binary download from third-party repository (ProtonVPN) The skill instructs the user to download a `.deb` package for ProtonVPN from `repo.protonvpn.com` using `wget`. While the version is pinned, downloading and installing binaries directly from external URLs can pose a supply chain risk if the repository or the download link is compromised. This bypasses standard package manager security checks. Recommend using official package managers (e.g., `apt install protonvpn-stable-release`) if available and verified, or provide checksums for downloaded files to verify integrity before installation. | LLM | SKILL.md:52 | |
| MEDIUM | Instruction to input sensitive account number directly into shell command The command `mullvad account set [ACCOUNT_NUMBER]` instructs the user to directly embed a sensitive account number into a shell command. If an LLM were to process user input for `[ACCOUNT_NUMBER]` without validation or sanitization and then execute this command, it could expose the account number in logs or command history, or allow for command injection if the input is crafted maliciously. Recommend using secure input methods for sensitive information (e.g., environment variables, interactive prompts that mask input, or configuration files with restricted permissions) instead of direct command-line arguments. | LLM | SKILL.md:68 |
Scan History
Embed Code
[](https://skillshield.io/report/470e5eccae21bcae)
Powered by SkillShield