Trust Assessment
mineru received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Persistence / self-modification instructions", "Persistence mechanism: Shell RC file modification", and "Potential Server-Side Request Forgery (SSRF) via `curl` URL parameter".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions. Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/easonai-5589/mineru/SKILL.md:150 |
| HIGH | Potential Server-Side Request Forgery (SSRF) via `curl` URL parameter. The skill demonstrates `curl` commands that send a `url` parameter to an external API (`https://mineru.net/api/v4/extract/task`). If the AI agent constructs this `url` parameter from untrusted user input without proper validation, a malicious user could provide a URL pointing to internal network resources or other sensitive targets. This could lead to Server-Side Request Forgery (SSRF), allowing the agent to be used as a proxy for internal network reconnaissance or attacks. Ensure that any `url` parameter passed to the `mineru.net` API, if derived from user input, is strictly validated to prevent access to internal or unauthorized external resources. Implement a whitelist of allowed domains or a robust URL validation mechanism. | LLM | SKILL.md:68 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/easonai-5589/mineru/SKILL.md:150 |
| MEDIUM | Filesystem Path Traversal Risk with `unzip` command. The skill demonstrates the use of the `unzip` command to extract a `result.zip` file downloaded from the MinerU API. While the example uses `-d .` to extract to the current directory, if the `result.zip` file were to contain malicious entries with path traversal sequences (e.g., `../../etc/passwd`), the `unzip` command could write files outside the intended directory. This risk is present if the source of the zip file (MinerU API) is compromised or if a Man-in-the-Middle attack allows for tampering with the downloaded archive. When extracting archives from external sources, ensure the agent's execution environment is sandboxed to prevent writes outside the designated temporary directory. Alternatively, use a more secure archive extraction library that sanitizes paths or explicitly checks for path traversal attempts. | LLM | SKILL.md:147 |