Trust Assessment
paperless-ngx received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read via Upload Function, Arbitrary File Write via Download Function.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Read via Upload Function The `upload.mjs` script reads the content of a file specified by the user's positional argument `filePath` using `fs.readFile()`. A malicious user could provide a path to any sensitive file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) if the skill has sufficient filesystem permissions. The content of this file would then be sent to the configured `PAPERLESS_URL`, potentially exfiltrating sensitive data to an attacker-controlled server if `PAPERLESS_URL` is compromised or maliciously set. Implement strict path validation to ensure `filePath` refers only to files within an allowed, sandboxed directory. Avoid reading arbitrary file paths provided directly by user input. If the skill must read user-specified files, ensure the execution environment is strictly sandboxed to prevent access to sensitive system directories. | LLM | scripts/upload.mjs:56 | |
| HIGH | Arbitrary File Write via Download Function The `download.mjs` script allows a user to specify an arbitrary output path for downloaded documents using the `--output <path>` argument. The script directly uses this user-provided path in `writeFile(outputPath, buffer)`. A malicious user could specify a path outside the intended download directory (e.g., `../../../../etc/cron.d/malicious_job`) to overwrite or create files in sensitive system locations, leading to privilege escalation or system compromise if the skill has write permissions to those locations. Implement strict path validation for the `--output` argument to ensure `outputPath` is confined to a designated, sandboxed download directory. Prevent directory traversal attacks by sanitizing user-provided paths before using them in filesystem operations. | LLM | scripts/download.mjs:55 |
Scan History
Embed Code
[](https://skillshield.io/report/396c163ef238ea37)
Powered by SkillShield