Security Audit
Yuan1z0825/nature-skills:skills/nature-polishing
github.com/Yuan1z0825/nature-skills

Trust Assessment
Yuan1z0825/nature-skills:skills/nature-polishing received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are Arbitrary File Read via Path Traversal in Manifest Parsing (high) and Arbitrary Command Execution via Automatic LaTeX Compilation (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 2, 2026 (commit c9b874a6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via Path Traversal in Manifest Parsing.** The skill instructions direct the LLM to read `manifest.yaml` and load the file paths mapped within it without validating that those paths stay inside the skill's `static/` directory. If an untrusted repository ships a malicious `manifest.yaml` containing traversal sequences (e.g., `../../../../etc/passwd`) or home-relative and absolute paths (e.g., `~/.ssh/id_rsa`), the LLM will read those sensitive files into its context, exposing them to disclosure or exfiltration. Mitigation: instruct the LLM to accept only paths that resolve to a location inside the skill's `static/` directory, rejecting absolute paths, `~`-prefixed paths, and any path containing a `..` component; check the resolved path, not the string, so symlinks inside `static/` cannot escape it either. | LLM | SKILL.md:16 |
| MEDIUM | **Arbitrary Command Execution via Automatic LaTeX Compilation.** The skill instructs the LLM to "Always compile and visually inspect rendered pages before and after" when handling LaTeX layout/typesetting requests. Automatically running `pdflatex` or `latexmk` on untrusted LaTeX documents is a code-execution risk: a `.tex` file can run shell commands through shell escape (`\write18`) or exploit vulnerabilities in the TeX distribution, and TeX Live's default is *restricted* shell escape, not fully disabled. Mitigation: do not instruct the LLM to compile LaTeX automatically; ask the user to compile the files themselves and supply the logs or rendered output, or ensure that any compilation runs in a strictly sandboxed environment (scratch directory, no network, timeout) with shell escape explicitly disabled (`-no-shell-escape`). | LLM | SKILL.md:46 |
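The two mitigations recommended above, as an added example of how a skill runtime or reviewer would script them. This is not SkillShield's code and not code from the nature-skills repository. It assumes a skill directory whose trusted assets live under `static/` and a `manifest.yaml` that maps logical names to file paths; the manifest and LaTeX source below are constructed for the example, and a tiny key/value reader stands in for `yaml.safe_load()` so the block runs offline.

```python
"""Added example: confine manifest paths to static/ and build a hardened
pdflatex command line. Not the skill's own code; sample inputs are constructed."""
import re
import tempfile
from pathlib import Path

# --- Finding 1: every manifest path must resolve inside skill_dir/static/ ---

# Constructed manifest (hypothetical keys): three safe entries, four escapes.
SAMPLE_MANIFEST = """\
style_guide: static/style_guide.md
checklist: static/checklist.md
nested: static/examples/intro.md
passwd: ../../../../etc/passwd
ssh_key: ~/.ssh/id_rsa
abs: /etc/shadow
sneaky: static/../../secret.txt
"""


def parse_manifest(text: str) -> dict[str, str]:
    """Minimal `key: value` reader standing in for yaml.safe_load()."""
    entries = {}
    for line in text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, _, value = line.partition(":")
            entries[key.strip()] = value.strip()
    return entries


def resolve_manifest_path(skill_dir: Path, raw: str) -> Path:
    """Return the absolute path for `raw`, or raise if it leaves static/.

    Three layers: reject absolute and `~` paths (they bypass static/ outright),
    reject any `..` component (even ones that would cancel out), then check the
    *resolved* path so a symlink planted inside static/ cannot point elsewhere.
    """
    if raw.startswith(("/", "~")) or Path(raw).is_absolute():
        raise ValueError(f"absolute or home-relative path rejected: {raw}")
    if ".." in Path(raw).parts:
        raise ValueError(f"traversal component rejected: {raw}")
    static_root = (skill_dir / "static").resolve()
    candidate = (skill_dir / raw).resolve()  # follows symlinks, no existence needed
    if static_root not in candidate.parents:
        raise ValueError(f"path escapes static/: {raw}")
    return candidate


def load_manifest(skill_dir: Path, manifest_text: str):
    """Split manifest entries into accepted {name: Path} and rejected {name: reason}."""
    accepted, rejected = {}, {}
    for name, raw in parse_manifest(manifest_text).items():
        try:
            accepted[name] = resolve_manifest_path(skill_dir, raw)
        except ValueError as exc:
            rejected[name] = str(exc)
    return accepted, rejected


def check_sample_manifest():
    """Run the check against a scratch skill dir; returns (accepted, rejected)."""
    skill_dir = Path(tempfile.mkdtemp(prefix="skill_"))
    (skill_dir / "static").mkdir()
    return load_manifest(skill_dir, SAMPLE_MANIFEST)


# --- Finding 2: compile only with shell escape off, in a scratch directory ---

# Constructed malicious document: \immediate\write18 runs a shell command
# whenever the engine is started with (even restricted) shell escape enabled.
MALICIOUS_TEX = r"""\documentclass{article}
\begin{document}
\immediate\write18{id > /tmp/pwned}
Hello.
\end{document}
"""

# Heuristic pre-scan only: TeX can spell these via catcode tricks, so the flag
# in hardened_compile_command() is the actual control, not this regex.
SHELL_ESCAPE_RE = re.compile(r"\\write18|\\ShellEscape|\\input\s*\|")


def shell_escape_uses(tex_source: str) -> list[str]:
    """Literal shell-escape primitives found in the source (advisory only)."""
    return SHELL_ESCAPE_RE.findall(tex_source)


def hardened_compile_command(tex_file, out_dir) -> list[str]:
    """argv for pdflatex with shell escape disabled and output confined to out_dir.

    Run it as a list (never a shell string) with cwd=out_dir and a timeout,
    e.g. subprocess.run(cmd, cwd=out_dir, timeout=60, check=False).
    """
    return [
        "pdflatex",
        "-no-shell-escape",          # overrides TeX Live's default restricted escape
        "-interaction=nonstopmode",  # never block on a prompt
        "-halt-on-error",
        f"-output-directory={out_dir}",
        str(tex_file),
    ]


if __name__ == "__main__":
    accepted, rejected = check_sample_manifest()
    print("accepted:", sorted(accepted))
    print("rejected:", rejected)
    print("shell escape in sample:", shell_escape_uses(MALICIOUS_TEX))
    print(" ".join(hardened_compile_command("paper.tex", "/tmp/texout")))
```

The path check deliberately validates the resolved path rather than the string: string checks alone miss a symlink committed inside `static/`, and `Path.resolve()` follows it before the containment test. For the compile step, scanning for `\write18` is a cheap early warning, but the only reliable control is starting the engine with `-no-shell-escape` inside a sandbox; the scan is there to flag what the sandbox then refuses.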
Full report: https://skillshield.io/report/a51c1806636f9f85
Powered by SkillShield