Trust Assessment
arxiv received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 1 high, 3 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Path Traversal Vulnerability in PDF Download Output Directory.** The `download_pdf` function in `arxiv_tool.py` takes `output_dir` from the `--output` command-line argument without sanitizing it or restricting it to a safe directory. A caller (or an agent driving the tool) can pass a path such as `/etc/` or `/root/.ssh/` to write PDF files to any location the process's account can reach, potentially overwriting system files or sensitive user data and leading to data corruption or privilege escalation. Validate `output_dir` strictly: confine it to a predefined base directory (e.g. a subdirectory of the skill's own data directory) or require a relative path inside a controlled sandbox. Resolve the path with `os.path.realpath` (which, unlike `os.path.abspath`, also resolves symlinks) and confirm with `os.path.commonpath` that the result lies inside the allowed base before creating or writing files. | LLM | arxiv_tool.py:107 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'python' in `package.json` is not pinned to an exact version ('>=3.8'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/ractorrr/arxiv/package.json |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'arxiv>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ractorrr/arxiv/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'pymongo>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ractorrr/arxiv/requirements.txt:2 |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/ractorrr/arxiv/package.json |
| LOW | **Weak Dependency Pinning in Package Configuration.** The `package.json` and `requirements.txt` files specify dependencies using the loose `>=` operator (e.g., `arxiv: ">=2.0.0"`). This allows any future version of the dependency to be installed, including new major versions that may introduce breaking changes, unvetted code, or new vulnerabilities that have not been audited. While this lets security patches arrive automatically, it also increases the risk of unexpected behavior or a supply-chain attack if a future release is compromised. Pin dependencies to exact versions (e.g., `arxiv: "2.0.0"`) or use a more restrictive range (e.g., `~2.0.0` or `^2.0.0`) so that only compatible, vetted updates are installed. Review and update dependencies regularly to pick up security fixes while maintaining stability. | LLM | package.json:20 |
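The HIGH finding recommends confining `output_dir` to a base directory. The following is an added example (not code from the arxiv skill or from SkillShield) that reconstructs the vulnerable pattern as a hypothetical `download_pdf_unsafe` and places the hardened version beside it. `resolve_within`, `download_pdf_safe`, `base_dir` and the sample paths are assumptions for illustration; the check uses `os.path.realpath` plus `os.path.commonpath`, which also catches symlink escapes and the `startswith()` prefix mistake that an `abspath`-only check misses.

```python
import os
import tempfile


def download_pdf_unsafe(pdf_bytes: bytes, filename: str, output_dir: str) -> str:
    """Pattern the HIGH finding describes: --output is used as-is (constructed, not the skill's code)."""
    os.makedirs(output_dir, exist_ok=True)
    path = os.path.join(output_dir, filename)      # "/root/.ssh" + "authorized_keys" is accepted
    with open(path, "wb") as fh:
        fh.write(pdf_bytes)
    return path


def resolve_within(base_dir: str, requested: str) -> str:
    """Return the canonical path for `requested` only if it stays inside base_dir.

    realpath (not abspath) resolves '..' components and symlinks before the
    containment check; commonpath avoids the startswith() mistake where
    '/data/pdfs-evil' passes a '/data/pdfs' prefix test.
    """
    base = os.path.realpath(base_dir)
    # join() discards `base` when `requested` is absolute, so '/etc' lands outside base
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"refusing output directory outside {base}: {requested!r}")
    return candidate


def download_pdf_safe(pdf_bytes: bytes, filename: str, output_dir: str, base_dir: str) -> str:
    """Hardened counterpart: output_dir is confined to base_dir and filename must be a bare name."""
    if os.path.basename(filename) != filename or filename in ("", ".", ".."):
        raise ValueError(f"invalid file name: {filename!r}")
    target_dir = resolve_within(base_dir, output_dir)
    os.makedirs(target_dir, exist_ok=True)
    path = os.path.join(target_dir, filename)
    # O_EXCL: never silently overwrite an existing file or follow a planted symlink
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(pdf_bytes)
    return path


def classify(base_dir: str, requests: list[str]) -> dict[str, bool]:
    """True if resolve_within accepts the requested directory, False if it rejects it."""
    verdicts = {}
    for req in requests:
        try:
            resolve_within(base_dir, req)
            verdicts[req] = True
        except ValueError:
            verdicts[req] = False
    return verdicts


def self_check() -> dict[str, bool]:
    """Exercise the check against constructed inputs in a throwaway base directory."""
    with tempfile.TemporaryDirectory() as base:
        os.symlink("/", os.path.join(base, "escape"))   # symlink planted inside the sandbox
        return classify(base, [
            "pdfs",                # plain subdirectory: accepted
            "./pdfs/2024",         # nested relative path: accepted
            "/etc",                # absolute path from the finding: rejected
            "../../root/.ssh",     # parent traversal: rejected
            "pdfs/../../x",        # traversal hidden behind a valid prefix: rejected
            "escape/etc",          # symlink escape that abspath() would miss: rejected
        ])


def write_check() -> tuple[bool, bool]:
    """(write inside the sandbox succeeded, write via '/etc' was refused), using constructed data."""
    with tempfile.TemporaryDirectory() as base:
        inside = download_pdf_safe(b"%PDF-1.4\n", "paper.pdf", "pdfs", base)
        ok_inside = os.path.isfile(inside)
        try:
            download_pdf_safe(b"%PDF-1.4\n", "paper.pdf", "/etc", base)
            refused = False
        except ValueError:
            refused = True
        return ok_inside, refused


if __name__ == "__main__":
    for request, ok in self_check().items():
        print(f"{'accept' if ok else 'reject':6} {request}")
```

Note that `download_pdf_safe` also rejects any file name containing a directory separator and opens the target with `O_EXCL`, so a pre-planted symlink at the destination cannot redirect the write; if the skill's real download path derives the file name from user-controlled data, the same bare-name check applies there.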
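The four dependency findings all reduce to one check: is every entry in `requirements.txt` and `package.json` pinned to an exact version? The following is an added example (not SkillShield's scanner and not the skill's own files) of that check, usable as a pre-commit or CI gate; the sample file contents, the `some-lib` package and the all-zero hash are constructed placeholders mirroring the findings above.

```python
import json
import re

# A requirement is "pinned" only as name[extras]==version, optionally followed by
# --hash entries and/or an environment marker. Anything else (>=, ~=, bare name,
# URL or VCS reference) is reported for review.
_PINNED_REQ = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[0-9][A-Za-z0-9.!+-]*"
    r"(\s+--hash=\S+)*(\s*;.*)?$"
)
# npm: only a bare exact version counts; ^, ~, >=, *, x-ranges and dist-tags float.
_EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def unpinned_python_requirements(text: str) -> list[str]:
    """Return requirement lines that are not pinned with '=='."""
    flagged = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            # blank, comment, or a pip option such as -r / -e / a --hash continuation line
            continue
        if not _PINNED_REQ.match(line):
            flagged.append(line)
    return flagged


def unpinned_npm_dependencies(package_json: str) -> list[str]:
    """Return 'name@spec' for dependency entries that are not exact versions."""
    data = json.loads(package_json)
    flagged = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in sorted(data.get(section, {}).items()):
            if not _EXACT_SEMVER.match(str(spec)):
                flagged.append(f"{name}@{spec}")
    return flagged


# Constructed samples mirroring the findings above (not the skill's actual files).
REQUIREMENTS_LOOSE = "arxiv>=2.0.0\npymongo>=4.0.0\n"
REQUIREMENTS_PINNED = (
    "arxiv==2.1.3\n"
    "pymongo==4.6.3 --hash=sha256:"
    "0000000000000000000000000000000000000000000000000000000000000000\n"   # placeholder hash
)
PACKAGE_JSON = (
    '{"dependencies": {"python": ">=3.8", "some-lib": "1.3.0"},'
    ' "devDependencies": {"x": "^2.0.0"}}'
)


def report() -> dict[str, list[str]]:
    """Run both checks over the constructed samples."""
    return {
        "requirements_loose": unpinned_python_requirements(REQUIREMENTS_LOOSE),
        "requirements_pinned": unpinned_python_requirements(REQUIREMENTS_PINNED),
        "package_json": unpinned_npm_dependencies(PACKAGE_JSON),
    }


if __name__ == "__main__":
    for source, entries in report().items():
        print(source, "->", entries or "ok")
```

Pinning alone fixes drift, not substitution: pair it with `pip install --require-hashes -r requirements.txt` on the Python side and a committed `package-lock.json` consumed via `npm ci` on the Node side, so that the installed artifact is the one that was reviewed.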
[Full report](https://skillshield.io/report/d55b6e68ab1b0146)
Powered by SkillShield