Trust Assessment
hn-extract received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Arbitrary File Write via Path Traversal", and "Server-Side Request Forgery (SSRF) Risk via Compromised Third-Party API".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Write via Path Traversal.** The skill allows writing arbitrary content to any location on the filesystem due to unsanitized user input for the output file path. The `--output` argument, which is user-controlled, is directly used to construct a `Path` object and write content using `path.write_text()`. An attacker can use path traversal sequences (e.g., `../../../`) to write to sensitive system files or create malicious files outside the intended skill directory. Sanitize the output path provided by the user to ensure it remains within an allowed, sandboxed directory. For example, resolve the path and verify it starts with a known safe base directory, or disallow `..` components. | LLM | hn-extract.py:69 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/guoqiao/hn-extract/hn-extract.py:18 |
| MEDIUM | **Server-Side Request Forgery (SSRF) Risk via Compromised Third-Party API.** The skill fetches article content from a URL (`article_url`) provided by the HackerNews Algolia API. If the HackerNews Algolia API were compromised, it could return a malicious `article_url` pointing to internal network resources or other sensitive endpoints. The `trafilatura.fetch_url()` function would then attempt to access this potentially malicious URL from the agent's environment, leading to an SSRF vulnerability. Implement stricter URL validation for `article_url` to ensure it points to expected public web domains and does not contain internal IP addresses or reserved network ranges. Consider using an allow-list of domains if possible. | LLM | hn-extract.py:150 |
| INFO | **Loosely Pinned Dependencies.** The skill uses loosely pinned dependencies (e.g., `requests>=2.32.5`). While this ensures a minimum version, it allows for automatic updates to newer minor or patch versions. If a future version of a dependency introduces a vulnerability or malicious code, the skill could unknowingly inherit it. For critical applications, exact pinning (`==`) or compatible release pinning (`~=`) is often preferred to ensure deterministic builds and reduce the risk of supply chain attacks. Pin dependencies to exact versions (e.g., `requests==2.32.5`) or use compatible release operators (e.g., `requests~=2.32.5`) to ensure deterministic builds and prevent unexpected dependency updates. Regularly audit and update dependencies. | LLM | hn-extract.py:4 |