Trust Assessment
security-audit received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution in Install Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution in Install Instructions The skill's installation instructions include a base64-encoded command that, when decoded, downloads and executes a script from an untrusted external IP address (91.92.242.30). This constitutes a severe supply chain risk, allowing arbitrary code execution on the user's system with the permissions of the executing user. The use of base64 obfuscates the true nature of the command, making it a hidden instruction. Remove the malicious installation command. Provide clear, auditable, and secure installation instructions, preferably by installing from a trusted package manager or a version-controlled repository. Avoid downloading and executing scripts directly from untrusted URLs or using obfuscation. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/3ced13ad341557d0)
Powered by SkillShield