Trust Assessment
mineru-pdf received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unquoted Environment Variable Expansion.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unquoted Environment Variable Expansion | LLM | scripts/mineru_parse.sh:128 |

Command Injection via Unquoted Environment Variable Expansion (scripts/mineru_parse.sh:128). The `MINERU_EXTRA_ARGS` environment variable is expanded without quotes (`${MINERU_EXTRA_ARGS}`) when it is assigned to the `extra` array. Whoever controls that variable therefore controls the argument list handed to the underlying command: the value is word-split into separate arguments, and any glob metacharacters in it (`*`, `?`, `[...]`) are expanded against the current directory. The `shellcheck disable=SC2206` comment explicitly acknowledges the word-splitting/globbing behaviour that this relies on. Note that unquoted parameter expansion does not re-run command substitution, so a `$(malicious_command)` in the value is passed on as a literal token rather than executed; the command-execution scenario applies only where the value is additionally re-parsed with `eval` or otherwise handed to a shell. The practical exposure depends on who can set the variable in the environment the skill runs in.

Remediation: avoid unquoted expansion of untrusted input. If `MINERU_EXTRA_ARGS` is meant to carry several arguments, parse it deliberately (split it on whitespace without globbing and accept only tokens that match an allowlist), or require it to be a single string that is passed as one argument. Using `eval`, even with sanitization, is not recommended. The safest fix is to drop the ability to pass arbitrary extra arguments through an environment variable that is subject to shell expansion.
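The following bash script is an added example, not code from mineru-pdf's `scripts/mineru_parse.sh`. It reconstructs the pattern the finding describes (an array filled from an unquoted variable), shows what bash actually does with such a value (word splitting and globbing, but no execution of an embedded `$(...)` unless `eval` is involved), and contrasts it with a conservative allowlist parser. Flag names such as `--lang` and `--method`, the scratch files `a.pdf`/`b.pdf`, and all inputs are constructed for illustration and are not mineru's real CLI options.

```bash
#!/usr/bin/env bash
# Added example; not code from mineru-pdf's scripts/mineru_parse.sh.
# Reconstructs the flagged pattern (array filled from an unquoted variable),
# shows what bash does with such a value, and contrasts it with a
# conservative parser. --lang/--method are illustrative placeholder flags.

# Flagged pattern: unquoted expansion into an array, which is what SC2206
# warns about. The value is word-split and glob-expanded, but a "$(cmd)"
# inside it is NOT executed; it stays a literal token.
split_unquoted() {
  local -a extra
  # shellcheck disable=SC2206
  extra=(${1:-})
  local tok
  for tok in "${extra[@]}"; do printf '%s\n' "$tok"; done
}

# The variant that DOES run embedded commands: re-parsing the value with
# eval. Included only to show where the "$(malicious_command)" vector
# really lives; never do this with attacker-controlled input.
eval_unquoted() {
  local -a extra
  eval "extra=(${1:-})"
  local tok
  for tok in "${extra[@]}"; do printf '%s\n' "$tok"; done
}

# Globbing hazard of the flagged pattern: with two constructed files in a
# scratch directory, the single token '*' becomes both file names. Prints
# the number of tokens produced.
demo_glob() {
  local dir count
  dir=$(mktemp -d)
  : > "$dir/a.pdf"
  : > "$dir/b.pdf"
  count=$(cd "$dir" && split_unquoted '*' | grep -c .)
  rm -rf "$dir"
  printf '%s\n' "$count"
}

# Safer handling: split on whitespace only (read -a never globs), then accept
# a token only if every character is in a small allowlist. Shell
# metacharacters ($ ( ) ; | & * ? < > ` and quotes) cannot pass, so the whole
# value is rejected with exit status 1 and nothing is printed to stdout.
parse_extra_args() {
  local -a tokens
  local tok allowed='^[A-Za-z0-9_./=-]+$'
  read -r -a tokens <<< "${1:-}"
  for tok in "${tokens[@]}"; do
    if [[ ! "$tok" =~ $allowed ]]; then
      printf 'rejected token: %s\n' "$tok" >&2
      return 1
    fi
  done
  for tok in "${tokens[@]}"; do printf '%s\n' "$tok"; done
}

# Walk-through when the script is run directly.
main() {
  echo '--- unquoted array: $(...) stays a literal token ---'
  split_unquoted '--lang en $(touch /tmp/pwned)'
  echo '--- eval: $(...) is executed ---'
  eval_unquoted '--x $(printf INJECTED)'
  echo "--- glob expansion of '*' produced $(demo_glob) tokens ---"
  echo '--- allowlist parser ---'
  parse_extra_args '--lang en --method auto'
  parse_extra_args '--lang en $(id)' || echo 'rejected, as intended'
}
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then main; fi
```

The allowlist parser is deliberately stricter than a metacharacter denylist: it only has to be right about what legitimate arguments look like, not about every way a shell can be tricked. It still lets a caller inject arbitrary flags for the underlying command, which is why the finding's recommendation to drop free-form extra arguments from the environment entirely remains the simplest fix when that flexibility is not needed.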
Full report: https://skillshield.io/report/d655b036df61658c
Powered by SkillShield