Trust Assessment
pymatgen received a trust score of 38/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 3 high, 2 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, covert behavior / concealment directives, and unpinned dependencies in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary file write vulnerability in `structure_converter.py`: The `structure_converter.py` script takes a user-provided file path as the `output` argument and directly uses it to write the converted structure data. A malicious user could specify a sensitive system file path (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) to overwrite or corrupt it, leading to data loss, denial of service, or potential privilege escalation. Implement robust path validation and sanitization. Restrict output paths to a designated safe directory (e.g., a temporary directory or a user-specific output folder). Prevent directory traversal (`..`) in user-provided paths by resolving to an absolute path within a controlled base directory. | Static | scripts/structure_converter.py:40 |
| HIGH | Arbitrary file write vulnerability in `phase_diagram_generator.py`: The `phase_diagram_generator.py` script takes a user-provided file path via the `--output` argument and directly uses it to write the generated phase diagram image. A malicious user could specify a sensitive system file path (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) to overwrite or corrupt it, leading to data loss, denial of service, or potential privilege escalation. Implement robust path validation and sanitization. Restrict output paths to a designated safe directory (e.g., a temporary directory or a user-specific output folder). Prevent directory traversal (`..`) in user-provided paths by resolving to an absolute path within a controlled base directory. | Static | scripts/phase_diagram_generator.py:170 |
| HIGH | Arbitrary file write vulnerability in `structure_analyzer.py`: The `structure_analyzer.py` script takes a user-provided file path via the `--export` argument and directly uses it to write the analysis results. A malicious user could specify a sensitive system file path (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) to overwrite or corrupt it, leading to data loss, denial of service, or potential privilege escalation. Implement robust path validation and sanitization. Restrict output paths to a designated safe directory (e.g., a temporary directory or a user-specific output folder). Prevent directory traversal (`..`) in user-provided paths by resolving to an absolute path within a controlled base directory. | Static | scripts/structure_analyzer.py:200 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Unpinned dependencies in installation instructions: The skill's installation instructions in `SKILL.md` use unpinned `uv pip install` commands (e.g., `uv pip install pymatgen`, `uv pip install pymatgen mp-api`). This means that future installations could pull in new, potentially vulnerable, versions of `pymatgen`, `mp-api`, or their transitive dependencies without explicit version locking. While `uv` helps with dependency resolution, it does not prevent pulling in new major/minor versions if not explicitly pinned. Pin all dependencies to exact versions (e.g., `pymatgen==2024.x.y`, `mp-api==0.x.y`). Consider using a `requirements.txt` or `pyproject.toml` with locked dependencies for reproducible and secure installations. | Static | SKILL.md:39 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |