Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Arbitrary Code Execution via Malicious Installer Script, Untrusted Binary Download and Execution (Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-xcb/SKILL.md:10 | |
| CRITICAL | Arbitrary Code Execution via Malicious Installer Script The skill's installation instructions for MacOS include a command that downloads a base64-encoded script from a suspicious IP address (91.92.242.30) and pipes it directly to `bash` for execution. This allows for arbitrary code execution on the host system from an untrusted source, posing a severe security risk including system compromise, data exfiltration, and credential harvesting. Remove the malicious installation command. All software installations should use trusted package managers or verified sources. Avoid direct execution of scripts downloaded from unknown or suspicious URLs/IP addresses. If `OpenClawProvider` is a legitimate dependency, provide a secure and verifiable installation method. | LLM | SKILL.md:13 | |
| HIGH | Untrusted Binary Download and Execution (Windows) The skill's installation instructions for Windows recommend downloading a password-protected ZIP file from an unknown GitHub user ('syazema') and running an executable from it. This constitutes a significant supply chain risk, as the source is unverified and the executable could contain malware, leading to system compromise or data loss. Replace the untrusted download link with a verified source, preferably a well-known package manager or an official, audited release. Ensure the integrity of downloaded binaries through checksums or digital signatures. | LLM | SKILL.md:9 | |
| MEDIUM | Potential Data Exfiltration via File Sending Capability The `wacli` tool provides a `send file` command that allows sending arbitrary files from the local filesystem (e.g., `/path/agenda.pdf`) to WhatsApp contacts. While this is an intended feature of the tool, it presents a significant data exfiltration risk if the AI agent is prompted by a malicious user to send sensitive files from the system. The agent must be carefully constrained and validated to prevent misuse of this capability. Implement strict validation and user confirmation mechanisms before allowing the AI agent to use the `wacli send file` command. Ensure the agent is explicitly instructed to only send files that are clearly intended by the user and to never send system files or files from sensitive directories without explicit, multi-factor confirmation. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/a57900eef0ca71f2)
Powered by SkillShield