Trust Assessment
paperless-ngx received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection in `curl` arguments and Broad Filesystem Access for Document Operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection in `curl` arguments. The skill provides `curl` command examples that construct API requests using variables like `{id}`, `query`, `title`, etc. If the AI agent directly translates untrusted user input into these `curl` commands without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. For example, providing `invoice; rm -rf /` as a query parameter could lead to unintended command execution on the host system. This risk is particularly high given the examples are raw `curl` commands, implying direct shell execution. Implement robust input sanitization and escaping for all user-provided parameters before constructing and executing shell commands. Prefer using API client libraries (e.g., Python's `requests`) that handle parameter serialization and escaping automatically over direct shell command execution. If shell execution is necessary, use a safe execution method that prevents command chaining (e.g., `subprocess.run` with `shell=False` and passing arguments as a list). | LLM | SKILL.md:25 |
| MEDIUM | Broad Filesystem Access for Document Operations. The skill demonstrates the ability to upload documents from the local filesystem (`-F "document=@/path/to/file.pdf"`) and download documents to the local filesystem (`-o document.pdf`). If the AI agent is granted broad read/write access to its host's filesystem, this capability could be abused. A malicious actor could potentially trick the agent into uploading sensitive files from arbitrary locations on the host or downloading malicious files to critical system paths, leading to data exfiltration or system compromise. Restrict the AI agent's filesystem access to only necessary, sandboxed directories for uploads and downloads. Implement strict validation on file paths provided by users to prevent directory traversal attacks. Consider using temporary, isolated storage for file operations and requiring explicit user confirmation for file access outside designated safe zones. | LLM | SKILL.md:49 |