Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated command downloads and executes script from untrusted IP, Skill allows sending arbitrary local files via WhatsApp.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-mch/SKILL.md:10 | |
| CRITICAL | Obfuscated command downloads and executes script from untrusted IP The MacOS installation instructions include a base64-encoded command that, when decoded, downloads and executes a shell script from `http://91.92.242.30/tjjve9itarred3txw`. This allows arbitrary code execution on the user's system from an untrusted and potentially malicious source, posing a severe supply chain risk and direct command injection vulnerability. The IP address is not associated with a legitimate software distribution service. Remove the obfuscated command. Provide clear, verifiable installation instructions, preferably linking to official package managers or signed binaries. Avoid direct execution of scripts downloaded from untrusted sources. | LLM | SKILL.md:9 | |
| HIGH | Skill allows sending arbitrary local files via WhatsApp The `wacli send file` command, as described in the skill, permits sending any local file specified by its path (e.g., `/path/agenda.pdf`) to a WhatsApp recipient. This capability, if exploited by a malicious prompt, could lead to data exfiltration, allowing an attacker to instruct the LLM to send sensitive files (e.g., configuration files, private keys, user data) from the host system to an external WhatsApp number. Implement strict validation and sanitization of file paths provided to the `wacli send file` command. Restrict file access to a predefined, safe directory or require explicit user confirmation for sending files outside of designated safe zones. Consider if this functionality is truly necessary or if a more controlled file upload mechanism could be used. | LLM | SKILL.md:44 | |
| MEDIUM | Go module dependency uses unpinned '@latest' version The `go` installation instruction in the manifest specifies `github.com/steipete/wacli/cmd/wacli@latest`. Using `@latest` means that the skill will always fetch the most recent version of the `wacli` tool. This introduces a supply chain risk because a malicious update to the upstream repository could automatically be installed, potentially introducing vulnerabilities or backdoors without explicit review. It also risks breaking changes. Pin the Go module dependency to a specific, immutable version (e.g., a commit hash or a semantic version tag like `@v1.2.3`). Regularly review and update the pinned version to incorporate security fixes. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/60e9d9164ea672c8)
Powered by SkillShield