book-tools
Audited by Socket on Feb 20, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
  [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
  [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Based on the provided skill manifest and documentation, there is no explicit malicious code or clear evidence of data exfiltration in these files. The capabilities requested (email/password, API key) are consistent with the documented purpose. However, there are notable security concerns: credentials are stored in a plaintext .env file and can be exposed via shell history if set via CLI flags; the project references setup scripts and a binary (annas-mcp) without listing trusted download sources, which is a supply-chain risk because those components could fetch or execute untrusted code. Because the high-risk executable and install-time artifacts are not included in the reviewed text, I rate this as SUSPICIOUS (not proven malicious) and recommend auditing setup.sh, any vendored Zlibrary.py, book.py, and the annas-mcp binary or its install source before trusting the skill.

LLM verification: The package implements the claimed functionality (search/download from Z-Library and Anna's Archive). There is no direct evidence in the provided materials of intentionally malicious code (no obfuscated payloads, no explicit exfiltration instructions, no hardcoded attacker-controlled C2). However, there are significant operational security and supply-chain concerns: plaintext credential storage in ~/.claude/book-tools/.env, CLI flag usage that leaks passwords to shell history, and an installer (