zlib-download-skill
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The
setup.shscript downloads a pre-compiled binary (annas-mcp) from an untrusted GitHub repository (iosifache/annas-mcp) that is not on the permitted list of trusted sources. - REMOTE_CODE_EXECUTION (HIGH): The skill downloads an external binary, sets execution permissions using
chmod +x, and executes it via thebook.pywrapper. This provides a direct path for arbitrary code execution if the remote binary or repository is compromised. - CREDENTIALS_UNSAFE (HIGH): The skill facilitates the storage of plaintext Z-Library and Anna's Archive credentials in a local configuration file (
~/.claude/book-tools/.env). Exposure of this file would lead to a full credential compromise. - COMMAND_EXECUTION (MEDIUM): The
setup.shscript performs shell-level operations including downloading, extracting, and installing software to the user's local binary directory. - INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted book metadata from external search APIs and presents it to the agent, creating a vulnerability surface. * Ingestion points:
scripts/book.py searchresults. * Boundary markers: Absent; no delimiters are used to separate untrusted book data from agent instructions. * Capability inventory: The skill can execute subprocesses viascripts/book.py download. * Sanitization: Absent; external data is presented directly to the agent without filtering or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata