Security Audit
lucifer1004/claude-skill-typst:skills/typst
github.com/lucifer1004/claude-skill-typst
Trust Assessment
lucifer1004/claude-skill-typst:skills/typst received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read via the `typst compile` command and Arbitrary File Read via the `perf-timings.py` script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 6, 2026 (commit 75a4ed9f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via `typst compile` command.** The skill documentation provides examples of using `typst compile` with file paths (e.g., `document.typ`, `src/main.typ`). If an AI agent were to construct these file paths directly from untrusted user input without proper validation or sanitization, an attacker could specify a path to an arbitrary sensitive file (e.g., `../../../../etc/passwd`). The `typst` CLI would then attempt to read and process the content of this file, leading to potential data disclosure. The `--root` argument, if user-controlled, could also expand the scope of files accessible by `typst`. When executing `typst compile`, ensure that all file path arguments (e.g., input document path, `--root` directory) are either generated internally by the agent or are strictly validated and sanitized if derived from untrusted user input. Avoid passing arbitrary user-controlled file paths or root directories to the `typst` CLI. | Static | SKILL.md:100 |
| HIGH | **Arbitrary File Read via `perf-timings.py` script.** The `examples/perf-timings.py` script is designed to read a JSON file specified by its `timings` argument. If an AI agent were to use this script and allow an untrusted user to specify the `timings` file path, an attacker could provide a path to an arbitrary sensitive file (e.g., `../../../../etc/passwd`). The script would then attempt to open and read the content of that file, leading to potential data disclosure. Ensure that the `timings` argument passed to `perf-timings.py` is either generated internally by the agent or is strictly validated and sanitized if derived from untrusted user input. Avoid passing arbitrary user-controlled file paths to this script. | Static | examples/perf-timings.py:67 |