Skill Trust Decision
Unknown (E-SafeNet LOCK visible in binary)
SKILL.md contains binary/corrupted content instead of readable documentation, preventing any verification of skill behavior or declared capabilities.
Most direct threat evidence
Critical Obfuscation
Binary content in SKILL.md SKILL.md contains binary/encoded data (6.3KB) instead of readable markdown documentation. This prevents any security audit of the skill's stated behavior, declared permissions, or intended functionality.
SKILL.md:1 Why this conclusion was reached
1/4 dimensions flagged Pass
Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.
Pass
Hidden execution and egress
No obvious high-risk egress or execution signals were found.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
Skill distributed with binary SKILL.md that appears legitimate but contains no verifiable documentation
Entry · SKILL.md:1
02
Binary content hides true skill functionality from security audits
stealth · SKILL.md:1
03
Potential for undeclared sensitive behavior (credential access, data exfiltration, shell execution) cannot be ruled out
Impact · SKILL.md:1
What drove the risk score up
Binary content in SKILL.md +30
SKILL.md contains binary/encoded data instead of readable markdown - cannot verify stated behavior
Complete obfuscation +20
No transparent documentation means the skill's true purpose is hidden
Unverifiable capabilities +10
Cannot map declared vs inferred permissions without readable SKILL.md
No implementation files +10
No scripts or code files present - skill may execute entirely through hidden mechanisms
Most important evidence
Critical Obfuscation
Binary content in SKILL.md
SKILL.md contains binary/encoded data (6.3KB) instead of readable markdown documentation. This prevents any security audit of the skill's stated behavior, declared permissions, or intended functionality.
SKILL.md:1 Reject this skill. A legitimate skill should provide clear, human-readable documentation. Binary SKILL.md content is a strong indicator of obfuscation or malicious intent.
High Doc Mismatch
No verifiable documentation
The skill provides no readable documentation, making it impossible to verify what it does, what permissions it requires, or what data it accesses.
SKILL.md:1 Request documentation from the skill publisher. Without readable SKILL.md, this skill cannot be approved for use.
Declared capability vs actual capability
Filesystem Pass
Declared UNKNOWN
→ Inferred UNKNOWN
Cannot read SKILL.md to verify declared permissions Network Pass
Declared UNKNOWN
→ Inferred UNKNOWN
Cannot read SKILL.md to verify network access Shell Pass
Declared UNKNOWN
→ Inferred UNKNOWN
Cannot read SKILL.md to verify shell access Environment Pass
Declared UNKNOWN
→ Inferred UNKNOWN
Cannot read SKILL.md to verify environment access Suspicious artifacts and egress
No obvious IOC was extracted.
Dependencies and supply chain
There are no structured dependency warnings.
File composition
1 files · 11 lines
Markdown 1 files · 11 lines
Files of concern · 1
SKILL.md Binary content in SKILL.md · No verifiable documentation
Security positives
No explicit security positives were supplied.