Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Hidden Instructions / Command Injection via Base64 Encoded Script, Supply Chain Risk: Untrusted OpenClawProvider Download Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-339/SKILL.md:10 | |
| CRITICAL | Hidden Instructions / Command Injection via Base64 Encoded Script The MacOS installation instruction includes a base64-encoded command that, when decoded, downloads and executes an arbitrary script from an external IP address (91.92.242.30). This allows for arbitrary code execution on the host system, posing a severe security risk. Remove the malicious base64-encoded command. All installation instructions should point to official, trusted sources and avoid direct execution of scripts from arbitrary URLs or IP addresses. If a script must be downloaded, it should be reviewed, signed, and its integrity verified before execution. | LLM | SKILL.md:14 | |
| HIGH | Supply Chain Risk: Untrusted OpenClawProvider Download Source The Windows installation instruction directs users to download 'OpenClawProvider' from a specific GitHub user's repository (syazema/OpenClawProvider). There is no clear indication that 'syazema' is the official or trusted maintainer of 'OpenClawProvider', which introduces a supply chain risk. A compromised or malicious repository could distribute malware. Verify the authenticity and trustworthiness of the 'syazema/OpenClawProvider' repository. If it's not the official source, update the link to point to the legitimate and verified distribution channel for OpenClawProvider. Consider providing checksums for downloaded files. | LLM | SKILL.md:10 | |
| MEDIUM | Supply Chain Risk: Unpinned Go Dependency Version The Go installation instruction uses '@latest' for the 'wacli' module. This means that any future update to the 'github.com/steipete/wacli' repository, including potentially malicious ones, would be automatically installed without explicit review. This introduces a supply chain risk. Pin the Go module dependency to a specific, immutable version (e.g., a commit hash or a semantic version tag like `@v1.2.3`) instead of `@latest` to ensure reproducible and secure builds. | LLM | SKILL.md:1 | |
| MEDIUM | Supply Chain Risk: Unverified Brew Tap The Homebrew installation instruction uses a third-party tap 'steipete/tap/wacli'. While Homebrew taps are common, relying on a specific user's tap introduces a dependency on that maintainer. If the 'steipete' tap is compromised or introduces malicious code, it could affect users installing 'wacli'. Verify the authenticity and trustworthiness of the 'steipete/tap/wacli' tap. If possible, prefer official Homebrew core packages or provide clear instructions on how to verify the tap's integrity. Consider providing a checksum for the formula. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/6c12778ed4de5e9c)
Powered by SkillShield