Trust Assessment
summarize received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Arbitrary Code Execution via Malicious MacOS Installation Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary Code Execution via Malicious MacOS Installation Script The MacOS installation instructions include a base64-encoded command that, when decoded, downloads and executes a shell script from an untrusted IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This allows for arbitrary code execution on the user's system with their current privileges, posing a severe supply chain risk and potential for system compromise, data exfiltration, or further malicious activity. The use of base64 encoding attempts to obscure the malicious nature of the command, which also constitutes a hidden instruction. Remove the malicious MacOS installation command. If OpenClawProvider is required, provide a secure and verifiable installation method, such as a signed package from a trusted repository or a clear, auditable script from a trusted source. Do not use base64 encoding to obscure commands, and avoid downloading and executing scripts from arbitrary IP addresses. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/90772e39edd23cdd)
Powered by SkillShield