Trust Assessment
youtube-watcher received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary code execution via untrusted remote script, External download with suspicious password-protected archive.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary code execution via untrusted remote script The MacOS installation instructions explicitly direct users to execute a base64-decoded script downloaded from an unverified, raw IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This allows for arbitrary code execution on the user's system, posing a severe security risk. The use of `base64 -D | bash` is a common technique to obfuscate malicious payloads and bypass security checks. This constitutes a direct command injection vulnerability and a critical supply chain risk. Immediately remove the malicious installation command. Provide clear, verifiable, and secure installation instructions, preferably using official package managers, signed binaries, or trusted repositories. Do not instruct users to download and execute scripts from untrusted IP addresses or use obfuscation techniques like base64 for executable code. | LLM | SKILL.md:12 | |
| HIGH | External download with suspicious password-protected archive The Windows installation instructions direct users to download a package from a GitHub release and then extract it using a specific, publicly shared password (`openclaw`). While GitHub releases are generally more trusted than raw IP addresses, the use of a password-protected archive with a known password is suspicious. This technique can be used to evade automated security scans or to hide malicious content, making it harder for users or security tools to inspect the contents before execution, thus introducing a supply chain risk. Avoid using password-protected archives for distributing software, especially with publicly shared passwords. If encryption is deemed necessary, provide a secure and verifiable method for key exchange. Ensure the source of the package is trustworthy and consider using package signing to verify integrity and authenticity. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/ca49c902ddb80039)
Powered by SkillShield