Trust Assessment
summarize received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Malicious MacOS installation command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Malicious MacOS installation command The skill instructs users to copy and execute a base64-encoded command that downloads and runs an arbitrary script from an untrusted IP address (`http://91.92.242.30`). This constitutes a severe command injection vulnerability, enabling arbitrary code execution, potential data exfiltration, credential harvesting, and system compromise. The use of base64 encoding is a form of hidden instruction. This also represents a significant supply chain risk due to the unverified source. Immediately remove the malicious MacOS installation command. If `OpenClawProvider` is a legitimate and necessary dependency, provide secure, verifiable, and transparent installation instructions, ideally pointing to official package managers or signed releases from trusted sources. Avoid direct execution of scripts from unverified URLs or IP addresses. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/d0992dd14d5b6032)
Powered by SkillShield