Skill Trust Decision

likes-training-planner

Legitimate training-platform skill whose documented installation method is a curl|bash one-liner, which creates supply-chain risk. Core functionality is benign; no active malicious behavior was detected.

Install decision first
Source: Manual upload · Scanned: Apr 4, 2026
Files 45
Artifacts 9
Violations 0
Findings 2
Most direct threat evidence

01 User executes curl|bash installation from documentation (delivery · README.md)
02 Remote install.sh script executes with user privileges (exploitation · install.sh)
03 Malicious install.sh could be served if repository is compromised, executing arbitrary code (impact_potential · install.sh)

Why this conclusion was reached

2/4 dimensions flagged Block, 1 under Review

Declared vs actual capability · Pass
Declared resources and inferred behavior are broadly aligned.

Hidden execution and egress · Block
2 high-risk artifacts or egress signals were extracted (the two curl|bash commands listed under Suspicious artifacts and egress).

Attack chain and severe findings · Block
The report includes 3 attack-chain steps and 0 severe findings.

Dependencies and supply chain hygiene · Review
Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01 User executes curl|bash installation from documentation
delivery · README.md:37

02 Remote install.sh script executes with user privileges
exploitation · install.sh:1

03 Malicious install.sh could be served if repository is compromised, executing arbitrary code
impact_potential · install.sh

What drove the risk score up

curl|bash installation pattern +30

SKILL.md and README recommend piping curl to bash for installation. Whoever controls the remote server, or the branch it serves from, can execute arbitrary code on the installing machine with the user's privileges. Found in README.md:35, SKILL.md:308, README.en.md:35

Supply chain risk +10

Installation pulls install.sh from gitee.com/chenyinshu and github.com/chenwynn, in both cases from the unpinned `main` branch. Either repository could be compromised to serve a malicious install.sh at any time, and a moving branch gives the user nothing stable to verify against.

Most important evidence

Medium · Supply Chain

Dangerous curl|bash installation pattern

SKILL.md and the README files recommend 'curl -fsSL <url> | bash' for installation. This pattern lets the remote server execute arbitrary code on the user's machine, and the one-liner gives the user no chance to inspect the script before it runs. The current install.sh is benign, but the repository could be compromised to serve malicious code at any later time.

README.md:37
Replace the one-liner with download-then-inspect instructions, or ship a signed package. Publish SHA256 checksums out of band (release notes, a signed tag) so a downloaded script can be verified before it is executed.

Medium · Supply Chain

Multiple remote installation sources

SKILL.md provides installation instructions from both Gitee and GitHub. Both sources are third-party hosts that could be independently compromised, which doubles the trust surface a user has to accept.

likes-training-planner/SKILL.md:297
Use a single trusted source with integrity verification.
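A hardened replacement for the documented one-liner, added here as an example that serves both findings above (it is not the project's install.sh and not output of this report): fetch the script to a file instead of piping it, compare it against a SHA256 obtained out of band, and only then execute it. The function names, the URL and the pinned hash are placeholders; in practice the URL should point at a tagged release or a commit rather than `main`, so the published hash cannot drift under the user.

```sh
#!/bin/sh
# Added example, not the project's code: verified download-then-run in place of `curl ... | bash`.
set -eu

# Hex SHA256 of a file, using whichever tool is present (GNU coreutils or BSD/perl shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Returns 0 only when FILE hashes to EXPECTED_HEX (compared case-insensitively).
verify_sha256() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$(sha256_of "$file")" = "$expected" ]
}

# Hypothetical hardened install flow; URL and hash are supplied by the caller, and the hash
# must come from a source other than the download URL itself (release notes, a signed tag):
#   1. HTTPS only (no downgrade via redirect), written to a temp file rather than piped;
#   2. refuse to run unless the file matches the pinned hash;
#   3. execute the verified file, then clean up.
# Saving to a file also defeats the known trick where a server detects pipe-to-shell
# consumption by timing and serves different content than a plain download receives.
fetch_verify_run() {
  url=$1
  expected=$2
  tmp=$(mktemp)
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
    echo "download of $url failed" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "SHA256 mismatch for $url: got $(sha256_of "$tmp"), expected $expected; refusing to run" >&2
    rm -f "$tmp"
    return 1
  fi
  rc=0
  bash "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage: ./install-verified.sh <https-url-pinned-to-tag-or-commit> <sha256-from-release-notes>
if [ $# -eq 2 ]; then
  fetch_verify_run "$1" "$2"
fi
```

The script still trusts TLS and the hosting platform for the download itself; what it removes is the ability of a later repository compromise, or a server that serves different bytes to a piped client, to run code that does not match the hash the author published.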

Declared capability vs actual capability

Filesystem · Pass · Declared WRITE · Inferred WRITE
SKILL.md declares node scripts that write config/output files to ~/.openclaw/

Network · Pass · Declared READ · Inferred READ
SKILL.md declares the LIKES_API_KEY requirement; scripts make HTTPS API calls to my.likes.com.cn

Shell · Pass · Declared WRITE · Inferred WRITE
SKILL.md documents node script execution (node scripts/*.cjs)

Environment · Pass · Declared READ · Inferred READ
Scripts read LIKES_API_KEY from process.env only, which is the expected use

Suspicious artifacts and egress

Critical Dangerous Command
curl -fsSL https://gitee.com/chenyinshu/likes-training-planner/raw/main/install.sh | bash

README.en.md:35

Critical Dangerous Command
curl -fsSL https://raw.githubusercontent.com/chenwynn/likes-training-planner/main/install.sh | bash

likes-training-planner/SKILL.md:297

Medium External URL
https://gitee.com/chenyinshu/likes-training-planner/raw/main/install.sh

README.en.md:35

Medium External URL
https://gitee.com/chenyinshu/likes-training-planner/releases/latest/download/likes-training-planner.skill

README.en.md:43

Medium External URL
http://127.0.0.1:18789 (loopback address: a local listener, not an external egress destination)

README.en.md:56

Medium External URL
https://my.likes.com.cn

README.en.md:63

Medium External URL
https://gitee.com/chenyinshu/likes-training-planner

README.en.md:276

Medium External URL
https://gitee.com/chenyinshu/likes-training-planner/releases

README.en.md:277

Medium External URL
https://my.likes.com.cn/api/open

likes-training-planner/references/api-docs.md:8
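How the two artifact classes listed above (pipe-to-shell commands and external URLs) can be reproduced with plain grep over a skill directory. This is an added example, not the scanner that produced this report, and it goes one step further than the list above by separating loopback targets such as the 127.0.0.1 entry from real external egress. Function names and the regular expressions are the example's own.

```sh
#!/bin/sh
# Added example, not the report's scanner: grep-based extraction of pipe-to-shell commands and URLs.
set -eu

# Lines that pipe a curl/wget fetch into sh/bash/zsh/dash (optionally through sudo), as FILE:LINE:TEXT.
# `[^|]*` keeps the match on the same command, `[|]` is the literal pipe.
find_pipe_to_shell() {
  grep -rnE '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)' "$1" || true
}

# Distinct http(s) URLs found anywhere under DIR, one per line.
find_all_urls() {
  url_re="https?://[^[:space:]\"'\`)>]+"
  grep -rhoE "$url_re" "$1" | sort -u || true
}

# Same, minus loopback targets: http://127.0.0.1:... is a local listener, not egress.
find_external_urls() {
  find_all_urls "$1" | grep -vE '^https?://(127\.0\.0\.1|localhost|\[::1\])([:/]|$)' || true
}

# Usage: ./skill-egress-check.sh <skill-directory>
if [ $# -eq 1 ]; then
  echo "== pipe-to-shell commands =="
  find_pipe_to_shell "$1"
  echo "== external URLs =="
  find_external_urls "$1"
fi
```

A hit from `find_pipe_to_shell` is the signal that drove the Block verdict above; `find_external_urls` gives the list an analyst then triages by hand, since a URL in docs is evidence of a dependency, not proof of a network call.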

Dependencies and supply chain

There are no structured dependency warnings.

File composition

45 files · 9197 lines
JavaScript: 31 files · 5646 lines
Markdown: 11 files · 3401 lines
Shell: 3 files · 150 lines
Files of concern · 4
likes-training-planner/references/api-docs.md Markdown · 484 lines
https://my.likes.com.cn/api/open
README.en.md Markdown · 314 lines
curl -fsSL https://gitee.com/chenyinshu/likes-training-planner/raw/main/install.sh | bash · https://gitee.com/chenyinshu/likes-training-planner/raw/main/install.sh · https://gitee.com/chenyinshu/likes-training-planner/releases/latest/download/likes-training-planner.skill · http://127.0.0.1:18789 · https://my.likes.com.cn · https://gitee.com/chenyinshu/likes-training-planner · https://gitee.com/chenyinshu/likes-training-planner/releases
README.md Markdown · 316 lines
Dangerous curl|bash installation pattern
likes-training-planner/SKILL.md Markdown · 298 lines
Multiple remote installation sources · curl -fsSL https://raw.githubusercontent.com/chenwynn/likes-training-planner/main/install.sh | bash
Other files · push_plans.cjs · push_plans.cjs · api-docs.md · SKILL.md · fetch_activities.cjs · fetch_activities.cjs +2

Security positives

Core scripts (fetch_activities, push_plans, analyze_data) are well-written and legitimate
API calls use HTTPS to known endpoint (my.likes.com.cn)
No credential harvesting - only accesses LIKES_API_KEY for the training platform
No base64 encoding, obfuscation, or eval() patterns found
No access to ~/.ssh, ~/.aws, or other sensitive credential paths
No data exfiltration to unknown hosts; the only network destination is the declared API host
No reverse-shell or remote-code-execution logic in the skill's own scripts (the curl|bash install path is a separate, documentation-level risk covered above)
Configuration properly scoped to skill-specific file (~/.openclaw/likes-training-planner.json)