Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Remote script execution via base64 encoded command during macOS installation", and "Download and execution of untrusted executable from third-party GitHub release".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell | Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-era/SKILL.md:10 |
| CRITICAL | Remote script execution via base64 encoded command during macOS installation | The skill's installation instructions for macOS include a base64 encoded command that, when decoded, downloads and executes a script from an external, unverified IP address (`91.92.242.30`). This allows arbitrary code execution on the user's system, posing a severe security risk. This is a clear instance of command injection, hidden instructions, and a supply chain risk. Remove the base64 encoded command. Provide a secure, verifiable installation method, preferably through official package managers or by directly linking to signed binaries from trusted sources. Avoid downloading and executing scripts from arbitrary URLs or IP addresses. | LLM | SKILL.md:13 |
| HIGH | Download and execution of untrusted executable from third-party GitHub release | The Windows installation instructions direct users to download a password-protected ZIP archive containing an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub repository (`syazema/OpenClawProvider`) that is not the primary source for `wacli`. Running executables from unverified third-party sources, especially with a provided password, introduces a significant supply chain risk and potential for malware infection. Provide installation instructions that rely on official, signed binaries or trusted package managers. If a custom provider is necessary, ensure it is from a verified source, ideally the same project or a clearly documented dependency, and provide cryptographic hashes for verification. Avoid distributing executables via password-protected archives. | LLM | SKILL.md:9 |
| MEDIUM | Potential data exfiltration through arbitrary file sending capability | The `wacli send file` command allows the skill to send any specified file from the system to a WhatsApp contact. If the LLM is not properly sandboxed or if it can be manipulated via prompt injection to specify sensitive file paths (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, or user documents), this capability could be exploited for data exfiltration. This also indicates excessive permissions if the LLM can access arbitrary file paths. Implement strict sandboxing for the skill's execution environment to limit file system access. Ensure the LLM's prompts are carefully engineered to prevent it from constructing arbitrary file paths for sensitive data. Consider adding a confirmation step or a whitelist for allowed file types/locations before sending files. | LLM | SKILL.md:39 |
| LOW | Unpinned Go module dependency in installation instructions | The Go installation instruction in the manifest uses `@latest` for the `wacli` module (`github.com/steipete/wacli/cmd/wacli@latest`). While common, using `@latest` means the exact version of the dependency is not pinned, which can lead to non-deterministic builds and introduces a supply chain risk if a future `latest` version introduces vulnerabilities or malicious code. Pin the Go module dependency to a specific version (e.g., `@v1.2.3`) to ensure deterministic builds and mitigate risks from upstream changes. Regularly update the pinned version after security review. | LLM | SKILL.md |