Security Audit

Yuan1z0825/nature-skills:skills/nature-academic-search

github.com/Yuan1z0825/nature-skills

AI SkillCommit c9b874a675e2

CRITICAL

Scanned 5 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

Yuan1z0825/nature-skills:skills/nature-academic-search received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 25 findings: 0 critical, 12 high, 13 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Suspicious import: urllib.request, Suspicious import: requests.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on June 2, 2026 (commit c9b874a6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

10%

Static Code Analysis

Dependency Graph

65%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

8 findings

Shell Execution

8 findings

Dynamic Code

6 findings

Excessive Permissions

8 findings

Security Findings25

Severity	Finding	Layer	Location
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:719
HIGH	Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:515
HIGH	Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:553
HIGH	Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:574
HIGH	Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:595
HIGH	Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/nature-academic-search/mcp-server/tests/test_sources.py:624
HIGH	Dangerous call: __import__() Call to '__import__()' detected in function 'test_search_returns_unified_format'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:515
HIGH	Dangerous call: __import__() Call to '__import__()' detected in function 'test_search_with_date_filter'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:553
HIGH	Dangerous call: __import__() Call to '__import__()' detected in function 'test_search_with_categories'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:574
HIGH	Dangerous call: __import__() Call to '__import__()' detected in function 'test_get_by_id'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:595
HIGH	Dangerous call: __import__() Call to '__import__()' detected in function 'test_get_by_id_not_found'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:624
HIGH	Arbitrary Code Execution via Shell Interpolation in Python Inline Script The installer script `install.sh` interpolates the user-supplied `PUBMED_EMAIL` variable directly into a Python inline script executed via `python3 -c`. If the `PUBMED_EMAIL` argument contains single quotes or other malicious Python code, it can break out of the string literal and execute arbitrary Python code during installation. Avoid direct shell interpolation of user-controlled variables into the Python script string. Instead, pass the variable via environment variables, for example: `PUBMED_EMAIL="$PUBMED_EMAIL" MCP_TARGET="$MCP_TARGET" MCP_JSON="$MCP_JSON" python3 -c "import os, json; ... pmid = os.environ['PUBMED_EMAIL'] ..."`	LLM	install.sh:41
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/mcp-server/sources/arxiv.py:6
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/mcp-server/sources/crossref.py:5
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/mcp-server/sources/pubmed.py:9
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/mcp-server/tests/test_sources.py:183
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/scripts/format-converter.py:32
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/scripts/format-converter.py:334
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/nature-academic-search/scripts/preflight.py:16
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/nature-academic-search/install.sh:7
MEDIUM	Unpinned Python dependency version Requirement 'mcp>=1.0.0,<2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/nature-academic-search/mcp-server/requirements.txt:1
MEDIUM	Unpinned Python dependency version Requirement 'requests>=2.28.0,<3.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/nature-academic-search/mcp-server/requirements.txt:2
MEDIUM	Unpinned Python dependency version Requirement 'toml>=0.10.2,<2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/nature-academic-search/mcp-server/requirements.txt:3
MEDIUM	Unpinned Python dependency version Requirement 'lxml>=4.9.0,<6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/nature-academic-search/mcp-server/requirements.txt:4
MEDIUM	Unpinned Python dependency version Requirement 'pybliometrics>=4.4.1,<5.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/nature-academic-search/mcp-server/requirements.txt:5

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/df74b4e87c978190.svg)](https://skillshield.io/report/df74b4e87c978190)