Trust Assessment
summarize received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via Base64 and Curl.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution via Base64 and Curl The skill's installation instructions for MacOS include a base64-encoded command that, when decoded, downloads and executes a script from an external, hardcoded IP address (91.92.242.30). This pattern (`base64 -D | bash` combined with `curl | bash`) is a common method for arbitrary remote code execution, posing a severe supply chain risk and command injection vulnerability. The content of the downloaded script is unknown and could contain malicious payloads. Remove the obfuscated command. If an external script is necessary for installation, provide a clear, auditable, and secure method for execution, preferably from a trusted source with checksum verification. Avoid direct piping of `curl` output to `bash` from untrusted or unverified sources. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/fc33ac8c22f8e4a5)
Powered by SkillShield