Trust Assessment
youtube-watcher received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Obfuscated Remote Script Execution via base64 | bash, Untrusted Direct Download and Execution of Archived Binary, Misleading Label in Brew Installation Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Script Execution via base64 | bash The skill's installation instructions for MacOS include a command that decodes a base64 string and pipes it directly to `bash`. The decoded string fetches and executes a script from a non-standard IP address (`http://91.92.242.30/lamq4uerkruo6ssm`). This is a severe security risk as it allows arbitrary code execution from an untrusted remote source, bypassing typical security checks and making the system vulnerable to malware or backdoors. This also constitutes a supply chain risk and hidden instructions due to obfuscation. Remove the obfuscated command. Provide clear, auditable installation instructions, preferably using standard package managers or direct links to verifiable, signed binaries from trusted sources. If a script is necessary, it should be hosted on a trusted domain, its content should be auditable, and it should be executed with appropriate security considerations (e.g., not directly piped to `bash` without review). | LLM | SKILL.md:11 | |
| HIGH | Untrusted Direct Download and Execution of Archived Binary The skill instructs users to download a `.zip` file from a specific GitHub user's repository (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`), extract it with a provided password (`openclaw`), and run the executable. This method lacks integrity checks (like checksums or signatures) and relies solely on the trust of the GitHub user and the security of their repository. A compromise of the user's account or repository could lead to the distribution of malicious software. The use of a password for extraction adds a minor layer of obfuscation but does not enhance security against malicious content. Provide installation via trusted package managers (e.g., Winget, Chocolatey) or direct links to signed binaries from an official, auditable source. If direct download is necessary, include checksums (SHA256) for verification and ideally link to a dedicated, secure download page rather than a personal GitHub release. | LLM | SKILL.md:7 | |
| LOW | Misleading Label in Brew Installation Instruction The `brew` installation instruction in the manifest specifies `yt-dlp` as the formula but labels it as "Install OpenClawProvider". While `yt-dlp` is a legitimate tool, the misleading label could cause confusion or, in a more complex scenario, be part of a social engineering attempt to make users think they are installing one thing while actually installing another. In this context, it's likely a simple error, but it's worth noting as a potential misdirection. Correct the `label` in the manifest to accurately reflect the installed package, e.g., "Install yt-dlp". | LLM | Manifest (frontmatter JSON) |
Scan History
Embed Code
[](https://skillshield.io/report/49f71bd334137fea)
Powered by SkillShield