Trust Assessment
arxiv-paper-reviews received a trust score of 17/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Hardcoded API endpoint points to a public, potentially untrusted server".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Recommendation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/zxrys/arxiv-paper-reviews/SKILL.md:34 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Recommendation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/zxrys/arxiv-paper-reviews/SKILL.md:41 |
| HIGH | Hardcoded API endpoint points to a public, potentially untrusted server. The skill's `apiBaseUrl` is hardcoded to `http://122.51.2.127:8000` in the manifest, the `SKILL.md` documentation, and the `config.json` example; `paper_client.py` then uses this URL for all API interactions. Sending an `apiKey` (if configured) and all user-provided data (search queries, comments, arXiv URLs) to a hardcoded public IP address introduces a significant risk of credential harvesting and data exfiltration if the server at this IP is malicious, compromised, or changes ownership. This practice implicitly trusts an external, unverified endpoint. Recommendation: avoid hardcoding public IP addresses for critical API endpoints. If the endpoint is controlled by the skill developer, use a domain name with proper TLS/SSL certificates instead of an IP address, and clearly document the ownership and trustworthiness of the endpoint. Consider allowing users to configure `apiBaseUrl` to a trusted endpoint they control, or at least provide a prominent warning about the default endpoint. | LLM | paper_client.py:24 |
| MEDIUM | Suspicious import: requests. Import of `requests` detected; this module provides network or low-level system access. Recommendation: verify that this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/zxrys/arxiv-paper-reviews/paper_client.py:16 |
| LOW | Unpinned Python dependency in install script. The `install-deps.sh` script installs the `requests` Python package without specifying a version (`pip install -q requests`). This can lead to supply chain vulnerabilities if a future version of `requests` or one of its transitive dependencies introduces malicious code or a critical vulnerability. While `requests` is a widely used and generally trusted library, best practice dictates pinning dependencies to specific versions, or at least major versions. Recommendation: pin the `requests` dependency to a specific version (e.g., `pip install requests==2.28.1`) or use a `requirements.txt` file with pinned versions, and regularly update pinned dependencies to incorporate security fixes. | LLM | install-deps.sh:15 |
Full report: https://skillshield.io/report/77379ff50f64c54a
Powered by SkillShield