zlib-download
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: During installation, the setup.sh script downloads a pre-compiled binary (annas-mcp) from the GitHub repository iosifache/annas-mcp and prepares it for execution on the local system.
- [EXTERNAL_DOWNLOADS]: Fetches versioned binary releases from GitHub to support the Anna's Archive features. This download from a well-known service is documented neutrally because it is a required dependency for the skill's functionality.
- [COMMAND_EXECUTION]: The book.py script executes the downloaded annas-mcp binary via subprocess.run to perform book searches and downloads. The setup.sh script also runs shell commands to install dependencies and set file permissions.
- [CREDENTIALS_UNSAFE]: Stores sensitive user information, including Z-Library login credentials and Anna's Archive API keys, in a local environment file (~/.claude/book-tools/.env).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted book metadata from external sources.
- Ingestion points: Search results and metadata retrieved from the Z-Library and Anna's Archive APIs in book.py and Zlibrary.py.
- Boundary markers: None implemented.
- Capability inventory: File system writes, network communication, and subprocess command execution.
- Sanitization: Regular expressions sanitize filenames to prevent path traversal and illegal characters.
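The sanitization finding above is the control that stands between the PROMPT_INJECTION ingestion points (book titles and other metadata returned by the Z-Library and Anna's Archive APIs) and the skill's file-system writes. The following is an added example, not code from the zlib-download skill or from annas-mcp, of what that kind of regex-based filename sanitization looks like when paired with a containment check that does not depend on the regex being right. The allowed character set, the download directory (`/tmp/books`) and the sample titles are assumptions constructed for the example.

```python
import re
from pathlib import Path

# Conservative whitelist for generated basenames; anything outside it is
# replaced with "_". Parentheses, quotes, shell metacharacters and control
# bytes are deliberately excluded (assumed policy, not the skill's own).
_DISALLOWED = re.compile(r"[^A-Za-z0-9._ -]+")


def sanitize_filename(name: str, max_len: int = 120) -> str:
    """Reduce an untrusted string (e.g. a book title) to a safe basename.

    Drops directory components, replaces control and special characters,
    trims leading/trailing dots and spaces (so no hidden files and no ".."),
    and never returns an empty name.
    """
    # Normalise Windows separators, then keep only the last path component:
    # "../../.ssh/authorized_keys" -> "authorized_keys".
    base = name.replace("\\", "/").split("/")[-1]
    base = _DISALLOWED.sub("_", base).strip(" .")
    if not base:
        base = "untitled"
    return base[:max_len]


def safe_target(download_dir: Path, title: str, ext: str = ".epub") -> Path:
    """Return a path for `title` inside download_dir, or raise if it would escape.

    The containment check is independent of the regex: if sanitisation is
    ever weakened, a resolved path outside the download root is still refused.
    """
    root = download_dir.resolve()
    target = (root / (sanitize_filename(title) + ext)).resolve()
    if root not in target.parents:
        raise ValueError(f"refusing to write outside {root}: {target}")
    return target


def demo() -> dict[str, str]:
    """Constructed titles, including traversal attempts, mapped to the basenames produced."""
    titles = [
        "The C Programming Language: 2nd Ed.",
        "../../.ssh/authorized_keys",   # traversal via directory components
        "..",                           # would become the parent directory
        "Dune\x00.sh",                  # NUL byte cannot truncate the extension
    ]
    # Assumed download root; it need not exist for Path.resolve() to work.
    return {t: safe_target(Path("/tmp/books"), t).name for t in titles}
```

The two layers matter because the regex decides what a name looks like, while the `root not in target.parents` check decides where a write may land; only the second one fails closed if the first is changed.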
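The REMOTE_CODE_EXECUTION and EXTERNAL_DOWNLOADS findings describe setup.sh fetching a pre-built annas-mcp binary from GitHub releases and making it executable; the analysis does not say whether the download is integrity-checked before it is run. The following is an added example, not the skill's or annas-mcp's code, of the check a reviewer would want in that installer: verify the asset against a digest pinned at review time, write it to a temporary file, and only then mark it executable and move it into place. It is written in Python rather than shell so it can be exercised offline; the "release asset" is the constructed byte string `b"abc"` with its well-known SHA-256 test vector standing in for the real pinned digest, and the install path is a temporary directory.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path

# Pinned digest of the release asset. In a real installer this string is
# copied from the pinned release's published checksums at review time and
# committed alongside the script, not fetched from the same place as the
# binary. Here the "asset" is the constructed byte string b"abc", whose
# SHA-256 is the FIPS 180 test vector below.
RELEASE_ASSET = b"abc"
PINNED_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def verify_release(payload: bytes, expected_sha256: str) -> bool:
    """True only if the payload's SHA-256 matches the pinned hex digest."""
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time compare; not strictly needed for a public hash, but cheap.
    return hmac.compare_digest(actual, expected_sha256.lower())


def install_binary(payload: bytes, expected_sha256: str, dest: Path) -> Path:
    """Verify, write to a temp file, chmod 700, then atomically rename into place.

    The file becomes executable at its final path only after the digest check
    has passed; a mismatch leaves nothing on disk.
    """
    if not verify_release(payload, expected_sha256):
        raise ValueError("release digest mismatch; refusing to install")
    dest.parent.mkdir(parents=True, exist_ok=True)
    tmp = dest.with_name(dest.name + ".part")
    tmp.write_bytes(payload)
    tmp.chmod(stat.S_IRWXU)  # 0o700: owner-only, no group/world access
    os.replace(tmp, dest)    # atomic on POSIX; no half-written executable is ever visible
    return dest


def demo() -> dict:
    """Install the constructed asset into a temp dir and show a tampered copy is rejected."""
    workdir = Path(tempfile.mkdtemp())
    dest = install_binary(RELEASE_ASSET, PINNED_SHA256, workdir / "annas-mcp")
    mode = stat.S_IMODE(dest.stat().st_mode)
    tampered_rejected = False
    try:
        # One extra byte is enough to change the digest.
        install_binary(RELEASE_ASSET + b"\n", PINNED_SHA256, workdir / "annas-mcp.bad")
    except ValueError:
        tampered_rejected = True
    return {
        "installed": dest.exists(),
        "mode": mode,
        "tampered_rejected": tampered_rejected,
        "tampered_on_disk": (workdir / "annas-mcp.bad").exists(),
    }
```

The same sequence in setup.sh would be `curl` to a temp path, `sha256sum -c` against a committed checksum line, then `chmod 700` and `mv` into the install directory; the point is the ordering, since a binary that is made executable before it is verified has already crossed the trust boundary the audit is describing.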
Audit Metadata