Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Arbitrary Code Execution via Obfuscated MacOS Installation Script, Excessive Permissions and Data Exfiltration via `wacli send file`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-ydw/SKILL.md:10 | |
| CRITICAL | Arbitrary Code Execution via Obfuscated MacOS Installation Script The MacOS installation instructions for 'OpenClawProvider' include a command that uses base64 encoding to obfuscate a `curl | bash` command. This decoded command downloads and executes a script from an unverified IP address (`http://91.92.242.30/tjjve9itarrd3txw`) directly into a bash shell. This allows for arbitrary code execution on the user's system, posing a severe supply chain risk and a direct command injection vector. The use of obfuscation (base64) further indicates an attempt to hide the malicious nature of the command. Immediately remove the malicious and obfuscated installation command. Provide a secure, transparent, and verifiable installation method (e.g., official package manager, signed binaries, or clear instructions for building from source from a trusted repository). Never instruct users to pipe `curl` output directly to `bash` from untrusted or unverified sources. | LLM | SKILL.md:14 | |
| HIGH | Excessive Permissions and Data Exfiltration via `wacli send file` The `wacli send file` command allows the AI agent to send any specified file from the local filesystem to an arbitrary WhatsApp contact. This grants the agent excessive permissions to access and exfiltrate potentially sensitive user data, files, or configuration from the host system. An attacker could craft a prompt to instruct the LLM to send sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `~/.aws/credentials`) to an external recipient, leading to data exfiltration. Implement strict safeguards around file access for the `wacli send file` command. This could involve: whitelisting allowed directories or file types; requiring explicit user confirmation for sending files outside a designated 'safe' directory; sandboxing the skill's file access; or limiting the LLM's ability to specify arbitrary file paths. | LLM | SKILL.md:44 |
Scan History
Embed Code
[](https://skillshield.io/report/1c95e673531f4b1b)
Powered by SkillShield