Security Audit
lawvable/awesome-legal-skills:skills/pdf-processing-anthropic
github.com/lawvable/awesome-legal-skillsTrust Assessment
lawvable/awesome-legal-skills:skills/pdf-processing-anthropic received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Command Injection via `pdf2image`, Runtime Monkey Patching of Third-Party Library, Unpinned Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 26, 2026 (commit 4d82d4cf). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via `pdf2image` The `scripts/convert_pdf_to_images.py` script uses `pdf2image.convert_from_path` with a PDF path provided directly from `sys.argv[1]`. The `pdf2image` library internally invokes external command-line tools (like `pdftoppm` or `pdftocairo`). If the `pdf_path` argument is not properly sanitized or escaped before being passed to the underlying shell command, an attacker could inject arbitrary shell commands by crafting a malicious PDF filename (e.g., `'; rm -rf /tmp;'`). Ensure that any external command-line arguments derived from untrusted input are properly escaped using `shlex.quote()` before being passed to `subprocess` calls, or use a library function that explicitly handles argument sanitization. Alternatively, if `pdf2image` offers a way to pass arguments as a list (e.g., `['pdftoppm', pdf_path]`) instead of a single string, prefer that method. | Static | scripts/convert_pdf_to_images.py:16 | |
| MEDIUM | Runtime Monkey Patching of Third-Party Library The `scripts/fill_fillable_fields.py` script performs a 'monkey patch' on the `pypdf.generic.DictionaryObject.get_inherited` method at runtime. This practice modifies the behavior of a third-party library outside of its intended API. While stated to fix a bug, it introduces significant supply chain risks, including potential instability, unexpected behavior, and difficulty in debugging. Future updates to `pypdf` could break this patch or introduce new vulnerabilities if the patched code's assumptions change. It also makes the skill's behavior less predictable and harder to audit. Avoid runtime monkey patching. If a bug exists in a dependency, the preferred approach is to: 1) Report the bug to the library maintainers. 2) Use a specific, known-good version of the library if a fix is pending. 3) Fork the library and apply the fix if immediate resolution is critical and upstream is unresponsive. 4) Implement a workaround that does not involve modifying the library's internal code, if possible. If patching is absolutely necessary, it should be done with extreme caution, thoroughly documented, and ideally isolated to a very specific, minimal change. | Static | scripts/fill_fillable_fields.py:110 | |
| LOW | Unpinned Dependencies The skill relies on several Python libraries (`pypdf`, `pdfplumber`, `reportlab`, `pytesseract`, `pdf2image`, `pandas`) but does not specify exact versions (e.g., via a `requirements.txt` with pinned versions). This can lead to supply chain risks where newer, potentially incompatible or vulnerable versions of these libraries are installed, causing runtime errors or introducing security flaws that were not present in the versions used during development. Provide a `requirements.txt` file with pinned versions for all direct and transitive dependencies (e.g., `pypdf==3.17.1`). Regularly audit and update these dependencies to mitigate known vulnerabilities. | Static | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/3be7c780164e7c3c)
Powered by SkillShield