paperclip
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md file suggests an installation method using
curl -sL https://skills.sh/paperclip | bash. This pattern downloads and executes a script from a remote server directly in the shell. - [EXTERNAL_DOWNLOADS]: The skill fetches the
paperclip-clipackage from npm and provides instructions to clone the author's official GitHub repository atgithub.com/ckorhonen/paperclip-cli.git. - [DATA_EXFILTRATION]: Provided scripts such as
comment.shandissues.shaccess thePAPERCLIP_API_KEYenvironment variable and include it in network requests to the endpoint defined byPAPERCLIP_API_URL. - [PROMPT_INJECTION]: The skill processes potentially untrusted data from an external API, creating a surface for indirect prompt injection.
- Ingestion points: scripts/issues.sh, scripts/status.sh, and scripts/comment.sh retrieve issue data and comments from the API.
- Boundary markers: No delimiters or safety warnings are present when displaying retrieved content.
- Capability inventory: The skill performs network operations via
curland executes shell commands via thepaperclipCLI. - Sanitization: No sanitization or escaping is applied to the data fetched from the API.
- [COMMAND_EXECUTION]: Utility scripts in the scripts/ directory perform shell operations and use
python3 -cfor processing data at runtime. - [CREDENTIALS_UNSAFE]: The documentation includes instructions to store sensitive API credentials in shell configuration files like
~/.zshrcor~/.bashrc.
Recommendations
- HIGH: Downloads and executes remote code from: https://skills.sh/paperclip - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata