zlib-download

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security
Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Analysis: The package, as documented, implements a legitimate CLI for searching and downloading ebooks, but it raises notable security and supply-chain concerns: plaintext credential storage and token caching, credential exposure through CLI history, and no provenance for the optional external binaries and installers. There is no explicit evidence in the provided materials of obfuscated or malicious code, but because the actual scripts and binaries were not available for review, a full verdict is not possible.

Recommendations: inspect ${SKILL_PATH}/scripts/book.py, setup.sh, the vendored Zlibrary.py, and any annas-mcp binaries before use; require checksums or signatures for any downloaded installers; prefer an OS keyring or an encrypted store for credentials; do not pass credentials as CLI arguments; and restrict permissions on ~/.claude/book-tools (chmod 700 on the directory, chmod 600 on secret files).

LLM verification: This skill's stated purpose (searching and downloading books) matches its requested capabilities, but it contains multiple supply-chain and credential-handling risks. The main issues: plaintext credential storage in ~/.claude/book-tools/.env and advice to pass credentials on the CLI (shell history exposure); unverified install steps that invoke setup.sh and an external 'annas' binary from no pinned, verified source (download-and-execute risk); unspecified network endpoints and mention of a 'vendored'
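Two of the recommendations above (verify downloaded installers against a pinned digest before executing them, and lock the credential directory down to 700/600) as a worked shell example. This is an added illustration, not the skill's own setup.sh or book.py and not code from the Socket report: the installer contents, the temp-dir paths and the "tampered" line are constructed for the demo, and the pinned digest is computed from the good copy only because the demo has no published digest to compare against.

```sh
#!/bin/sh
# Added example, not the skill's own setup.sh or book.py. It shows two of the
# audit's recommendations as code: run a downloaded installer only after its
# SHA-256 matches a pinned value, and lock the credential directory down to
# 0700/0600. All paths and the installer contents are constructed for the demo.
set -u

# SHA-256 of a file; sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_then_run FILE PINNED_SHA256
# Executes FILE only when its digest equals PINNED_SHA256. A real deployment
# hard-codes the pinned digest (or checks a signature); never derive it from
# the file you just downloaded.
verify_then_run() {
    _file=$1
    _pinned=$2
    _actual=$(sha256_of "$_file")
    if [ "$_actual" != "$_pinned" ]; then
        printf 'refusing %s: sha256 %s does not match pinned %s\n' \
            "$_file" "$_actual" "$_pinned" >&2
        return 1
    fi
    sh "$_file"
}

# lockdown_dir DIR
# Directory becomes 0700; .env and *.token inside become 0600 so other local
# users cannot read cached credentials.
lockdown_dir() {
    _dir=$1
    chmod 700 "$_dir" || return 1
    for _f in "$_dir"/.env "$_dir"/*.token; do
        if [ -e "$_f" ]; then
            chmod 600 "$_f" || return 1
        fi
    done
    return 0
}

# mode_of PATH: octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# demo: builds the constructed scenario in a temp dir and returns 0 only when
# every expectation holds: the good installer runs, the tampered installer is
# refused, and the credential directory ends up 0700 with .env at 0600.
demo() {
    _work=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho installed\n' > "$_work/setup.sh"
    _pinned=$(sha256_of "$_work/setup.sh")   # stands in for a published digest

    verify_then_run "$_work/setup.sh" "$_pinned" >/dev/null || return 1

    # Simulate a tampered download: one extra line changes the digest.
    printf 'echo tampered\n' >> "$_work/setup.sh"
    if verify_then_run "$_work/setup.sh" "$_pinned" 2>/dev/null; then
        return 1
    fi

    mkdir -p "$_work/book-tools"
    printf 'ZLIB_PASSWORD=example-only\n' > "$_work/book-tools/.env"
    chmod 755 "$_work/book-tools"
    chmod 644 "$_work/book-tools/.env"
    lockdown_dir "$_work/book-tools" || return 1
    [ "$(mode_of "$_work/book-tools")" = "700" ] || return 1
    [ "$(mode_of "$_work/book-tools/.env")" = "600" ] || return 1

    rm -rf "$_work"
    return 0
}

demo && echo "all checks passed"
```

The digest check is the minimum; a signature from the publisher is stronger because a pinned hash only protects against the download changing after the hash was recorded, not against a compromised source at the time of pinning. Credentials belong in the keyring or an encrypted store rather than in .env, but while .env exists, 0600 keeps it from other local users.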

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Mar 18, 2026, 11:17 PM
Package URL
pkg:socket/skills-sh/psylch%2Fzlib-download-skill%2Fzlib-download%2F@abc53531b7354e7e4b64d98e6d9c92c8b7dbf9c3