Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Code Execution during MacOS Installation", and "Unpinned Go module dependency in manifest".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-1sk/SKILL.md:10 |
| CRITICAL | Obfuscated Remote Code Execution during MacOS Installation. The MacOS installation instructions include a base64-encoded command that, when decoded and executed, downloads and runs an arbitrary script from an external, potentially untrusted IP address (http://91.92.242.30/tjjve9itarrd3txw). This allows for remote code execution on the user's system, posing a severe security risk. This also constitutes a hidden instruction due to the base64 encoding. Remove the obfuscated command. Provide clear, verifiable installation instructions, preferably from official package managers or trusted sources, without direct execution of arbitrary remote scripts. | LLM | SKILL.md:11 |
| HIGH | Unpinned Go module dependency in manifest. The `go` installation instruction in the skill's manifest specifies `github.com/steipete/wacli/cmd/wacli@latest`. Using `@latest` means that the dependency version is not pinned, which can lead to non-deterministic builds and introduces a supply chain risk. A malicious update to the `wacli` repository could automatically be pulled and installed without explicit review. Pin the Go module dependency to a specific version or commit hash (e.g., `@v1.2.3` or `@<commit_hash>`) to ensure deterministic builds and mitigate the risk of unexpected or malicious updates. | LLM | SKILL.md:1 |
| MEDIUM | Direct download and execution of untrusted binary for Windows. The Windows installation instructions direct users to download a `.zip` file containing an executable from a GitHub release (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`). Direct downloads and execution of binaries without cryptographic verification or package manager oversight introduce a supply chain risk. The source `syazema` is not the primary author of `wacli` (`steipete`), which adds to the concern. The password `openclaw` for the archive is also unusual. Recommend installation via trusted package managers (e.g., Chocolatey, Winget) or provide clear instructions for verifying the integrity and authenticity of the downloaded executable (e.g., checksums, GPG signatures). Clarify the relationship between `OpenClawProvider` and `wacli` and why it's required. | LLM | SKILL.md:7 |
| MEDIUM | Potential for arbitrary file exfiltration via `wacli send file`. The skill explicitly provides the `wacli send file` command, which allows sending any local file specified by a path (`--file /path/agenda.pdf`). If the AI agent is not properly constrained or sandboxed, it could be prompted to send sensitive files from the user's system to an external WhatsApp contact, leading to data exfiltration. While the tool's intended purpose is to send files, the broad access to the filesystem without explicit user confirmation for sensitive paths constitutes an excessive permission risk for an AI agent. Implement strict input validation and user confirmation mechanisms for file paths when using `wacli send file`. Restrict the AI's access to the filesystem or require explicit user approval for sending files from sensitive directories. | LLM | SKILL.md:41 |