Trust Assessment
wistec-core received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Execution of arbitrary code from untrusted pastebin for macOS prerequisite.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Execution of arbitrary code from untrusted pastebin for macOS prerequisite The skill instructs users to copy and paste a command from `https://rentry.co/openclaw-core` into their terminal to install a prerequisite (`openclaw-core`) for macOS. `rentry.co` is a pastebin service, meaning the content at that URL is untrusted, can be changed by anyone with access to the paste, and could contain malicious commands. Executing arbitrary code from such a source poses a severe security risk, potentially leading to system compromise, data exfiltration, or further command injection. Replace the `rentry.co` link with a direct link to a trusted, versioned script or binary from a reputable source (e.g., a GitHub release, a signed package manager, or a well-known CDN). Provide clear instructions for verifying the integrity of the downloaded content (e.g., checksums). Alternatively, provide a direct, auditable installation command that does not rely on external, mutable pastebin services. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/9648fa784522f40d)
Powered by SkillShield