All skills
Skillintermediate

Security Scan Report

**Generated:** 2026-04-20 10:43 UTC **Skills scanned:** 134 **Total findings:** 821 **Critical:** 68 | **High:** 57 | **Safe skills:** 93/134

Claude Code Knowledge Pack7/10/2026

Overview

Security Scan Report

Generated: 2026-04-20 10:43 UTC
Skills scanned: 134
Total findings: 821
Critical: 68 | High: 57 | Safe skills: 93/134

Summary

SkillSeverityFindingsSafeDuration
citation-management🔴 CRITICAL1328.1s
clinical-decision-support🔴 CRITICAL1364.0s
clinical-reports🔴 CRITICAL1359.9s
cobrapy🔴 CRITICAL435.5s
hypothesis-generation🔴 CRITICAL1136.1s
infographics🔴 CRITICAL1033.4s
latex-posters🔴 CRITICAL1134.9s
literature-review🔴 CRITICAL1249.8s
markitdown🔴 CRITICAL1140.8s
peer-review🔴 CRITICAL1142.7s
pptx-posters🔴 CRITICAL1032.3s
research-grants🔴 CRITICAL1138.5s
research-lookup🔴 CRITICAL1644.3s
scholar-evaluation🔴 CRITICAL1037.0s
scientific-critical-thinking🔴 CRITICAL1041.4s
scientific-schematics🔴 CRITICAL1034.4s
scientific-slides🔴 CRITICAL1751.3s
scientific-writing🔴 CRITICAL1032.5s
seaborn🔴 CRITICAL432.6s
shap🔴 CRITICAL539.7s
treatment-plans🔴 CRITICAL1249.6s
umap-learn🔴 CRITICAL535.6s
venue-templates🔴 CRITICAL1146.2s
consciousness-council🟠 HIGH534.4s
dask🟠 HIGH425.1s
dhdna-profiler🟠 HIGH536.2s
esm🟠 HIGH418.6s
geomaster🟠 HIGH838.1s
modal🟠 HIGH929.2s
parallel-web🟠 HIGH742.3s
pathml🟠 HIGH718.8s
polars🟠 HIGH422.2s
pytorch-lightning🟠 HIGH421.7s
qutip🟠 HIGH416.8s
scikit-bio🟠 HIGH431.2s
scvi-tools🟠 HIGH528.3s
sympy🟠 HIGH425.5s
torch-geometric🟠 HIGH728.7s
torchdrug🟠 HIGH420.1s
transformers🟠 HIGH527.1s
zarr-python🟠 HIGH434.9s
dnanexus-integration🟡 MEDIUM431.2s
docx🟡 MEDIUM543.6s
ginkgo-cloud-lab🟡 MEDIUM421.8s
imaging-data-commons🟡 MEDIUM417.3s
labarchive-integration🟡 MEDIUM729.7s
open-notebook🟡 MEDIUM2026.7s
pennylane🟡 MEDIUM525.0s
phylogenetics🟡 MEDIUM1130.9s
primekg🟡 MEDIUM530.8s
protocolsio-integration🟡 MEDIUM838.2s
pyhealth🟡 MEDIUM427.3s
pymatgen🟡 MEDIUM527.5s
rowan🟡 MEDIUM529.3s
vaex🟡 MEDIUM318.4s
what-if-oracle🟡 MEDIUM435.3s
adaptyv🔵 LOW427.9s
aeon🔵 LOW423.5s
anndata🔵 LOW319.0s
arboreto🔵 LOW111.0s
astropy🔵 LOW529.9s
benchling-integration🔵 LOW420.1s
bgpt-paper-search🔵 LOW421.4s
biopython🔵 LOW418.2s
cellxgene-census🔵 LOW422.8s
database-lookup🔵 LOW431.7s
datamol🔵 LOW420.6s
deeptools🔵 LOW115.3s
depmap🔵 LOW324.6s
diffdock🔵 LOW217.7s
etetoolkit🔵 LOW323.7s
exploratory-data-analysis🔵 LOW428.0s
flowio🔵 LOW216.9s
fluidsim🔵 LOW321.0s
generate-image🔵 LOW422.8s
geniml🔵 LOW319.0s
geopandas🔵 LOW421.7s
get-available-resources🔵 LOW421.3s
gget🔵 LOW424.0s
glycoengineering🔵 LOW322.2s
gtars🔵 LOW529.3s
histolab🔵 LOW325.8s
hypogenic🔵 LOW423.6s
iso-13485-certification🔵 LOW322.0s
lamindb🔵 LOW321.4s
latchbio-integration🔵 LOW320.8s
market-research-reports🔵 LOW433.5s
matchms🔵 LOW112.6s
matlab🔵 LOW322.4s
matplotlib🔵 LOW115.9s
medchem🔵 LOW115.9s
molecular-dynamics🔵 LOW318.8s
molfeat🔵 LOW317.1s
networkx🔵 LOW428.8s
neurokit2🔵 LOW327.9s
neuropixels-analysis🔵 LOW430.7s
omero-integration🔵 LOW425.0s
opentrons-integration🔵 LOW425.2s
optimize-for-gpu🔵 LOW322.8s
paper-lookup🔵 LOW533.6s
paperzilla🔵 LOW315.6s
pdf🔵 LOW532.3s
polars-bio🔵 LOW319.4s
pptx🔵 LOW429.1s
pufferlib🔵 LOW424.6s
pydeseq2🔵 LOW319.9s
pydicom🔵 LOW431.1s
pylabrobot🔵 LOW220.2s
pymc🔵 LOW217.9s
pymoo🔵 LOW114.0s
pyopenms🔵 LOW213.2s
pysam🔵 LOW110.9s
pytdc🔵 LOW435.1s
pyzotero🔵 LOW321.1s
qiskit🔵 LOW319.4s
rdkit🔵 LOW321.0s
scanpy🔵 LOW213.1s
scientific-brainstorming🔵 LOW110.9s
scikit-survival🔵 LOW320.7s
scvelo🔵 LOW423.6s
simpy🔵 LOW114.6s
stable-baselines3🔵 LOW214.2s
statistical-analysis🔵 LOW114.2s
tiledbvcf🔵 LOW319.7s
timesfm-forecasting🔵 LOW332.9s
usfiscaldata🔵 LOW320.2s
xlsx🔵 LOW437.2s
statsmodels⚪ INFO18.3s
bioservices🟢 SAFE014.4s
cirq🟢 SAFE08.9s
deepchem🟢 SAFE011.1s
markdown-mermaid-writing🟢 SAFE09.2s
scientific-visualization🟢 SAFE011.9s
scikit-learn🟢 SAFE05.1s

Detailed Findings

citation-management — 🔴 CRITICAL

  • 🔴 CRITICAL BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION — Cross-file env var exfiltration: 6 files

    Environment variable access with network calls in scripts/extract_metadata.py, scripts/generate_schematic_ai.py, scripts/generate_schematic.py, scripts/search_pubmed.py Remediation: Review data flow across files: scripts/generate_schematic_ai.py, scripts/search_pubmed.py, scripts/generate_schematic.py, scripts/doi_to_bibtex.py, scripts/extract_metadata.py, scripts/validate_citations.py

  • 🔴 CRITICAL BEHAVIOR_CROSSFILE_EXFILTRATION_CHAIN — Cross-file exfiltration chain: 6 files

    Multi-file exfiltration chain detected: scripts/extract_metadata.py, scripts/generate_schematic_ai.py, scripts/generate_schematic.py, scripts/search_pubmed.py collect data → scripts/generate_schematic_ai.py → scripts/doi_to_bibtex.py, scripts/extract_metadata.py, scripts/validate_citations.py, scripts/generate_schematic_ai.py, scripts/search_pubmed.py transmit to network Remediation: Review data flow across files: scripts/generate_schematic_ai.py, scripts/search_pubmed.py, scripts/generate_schematic.py, scripts/doi_to_bibtex.py, scripts/extract_metadata.py, scripts/validate_citations.py

  • 🔵 LOW LLM_SKILL_DISCOVERY_ABUSE — Cross-Skill Activation Promotion (scientific-schematics Skill)

    The SKILL.md instructions contain a section that actively promotes and triggers the use of another skill ('scientific-schematics') by instructing the agent to 'always consider adding scientific diagrams' and stating 'Scientific schematics should be generated by default'. This creates an over-broad activation pattern that may cause the agent to invoke additional skills beyond the user's intent when using citation management. File: SKILL.md Remediation: Remove or make optional the automatic cross-skill invocation. The citation management skill should focus on its stated purpose (citation management) and not automatically trigger other skills without explicit user request.

  • 🔵 LOW LLM_SUPPLY_CHAIN_ATTACK — Unpinned Python Package Dependencies

    The SKILL.md instructions recommend installing Python packages without version pins (e.g., 'pip install requests', 'pip install scholarly', 'pip install biopython'). Unpinned dependencies are vulnerable to supply chain attacks where a malicious version of a package could be installed, potentially compromising the skill's behavior. File: SKILL.md Remediation: Pin all dependencies to specific versions (e.g., 'requests==2.31.0') and provide a requirements.txt file with hashed dependencies. Use 'pip install --require-hashes' for additional security.

  • 🔴 CRITICAL BEHAVIOR_ENV_VAR_EXFILTRATION — Environment variable access with network calls detected

    Script accesses environment variables and makes network calls in scientific-skills/citation-management/scripts/extract_metadata.py File: scientific-skills/citation-management/scripts/extract_metadata.py Remediation: Remove environment variable harvesting or network transmission

  • 🟡 MEDIUM BEHAVIOR_ENV_VAR_HARVESTING — Environment variable harvesting detected

    Script iterates through environment variables in scientific-skills/citation-management/scripts/extract_metadata.py File: scientific-skills/citation-management/scripts/extract_metadata.py Remediation: Remove environment variable collection unless explicitly required and documented

  • 🟡 MEDIUM BEHAVIOR_ENV_VAR_HARVESTING — Environment variable harvesting detected

    Script iterates through environment variables in scientific-skills/citation-management/scripts/generate_schematic.py File: scientific-skills/citation-management/scripts/generate_schematic.py Remediation: Remove environment variable collection unless explicitly required and documented

  • 🔴 CRITICAL BEHAVIOR_ENV_VAR_EXFILTRATION — Environment variable access with network calls detected

    Script accesses environment variables and makes network calls in scientific-skills/citation-management/scripts/generate_schematic_ai.py File: scientific-skills/citation-management/scripts/generate_schematic_ai.py Remediation: Remove environment variable harvesting or network transmission

  • 🟡 MEDIUM BEHAVIOR_ENV_VAR_HARVESTING — Environment variable harvesting detected

    Script iterates through environment variables in scientific-skills/citation-management/scripts/generate_schematic_ai.py File: scientific-skills/citation-management/scripts/generate_schematic_ai.py Remediation: Remove environment variable collection unless explicitly required and documented

  • 🔴 CRITICAL BEHAVIOR_ENV_VAR_EXFILTRATION — Environment variable access with network calls detected

    Script accesses environment variables and makes network calls in scientific-skills/citation-management/scripts/search_pubmed.py File: scientific-skills/citation-management/scripts/search_pubmed.py Remediation: Remove environment variable harvesting or network transmission

  • 🟡 MEDIUM BEHAVIOR_ENV_VAR_HARVESTING — Environment variable harvesting detected

    Script iterates through environment variables in scientific-skills/citation-management/scripts/search_pubmed.py File: scientific-skills/citation-management/scripts/search_pubmed.py Remediation: Remove environment variable collection unless explicitly required and documented

  • 🟡 MEDIUM LLM_DATA_EXFILTRATION — Environment Variable Access Combined with External Network Calls

    Multiple scripts access environment variables (NCBI_API_KEY, NCBI_EMAIL, OPENROUTER_API_KEY) and make outbound network requests. While these appear to be legitimate API keys for the stated purpose (PubMed, OpenRouter), the pattern of reading environment variables and sending them in HTTP requests represents a potential data exposure risk if the skill is used in environments where these variables contain sensitive credentials beyond the intended scope. The generate_schematic_ai.py script in particular reads OPENROUTER_API_KEY and sends it as a Bearer token to an external API. File: scripts/generate_schematic_ai.py Remediation: This is largely expected behavior for API-based tools. However, ensure that environment variable names are clearly documented and scoped. Consider validating that API keys are only used for their intended endpoints and not logged or transmitted elsewhere.

  • 🔵 LOW LLM_DATA_EXFILTRATION — API Key Loaded from .env File Without Explicit User Consent

    The generate_schematic_ai.py script attempts to load API keys from .env files in the current working directory or script directory using python-dotenv. This could inadvertently expose API keys stored in .env files that the user may not have intended to share with this skill. File: scripts/generate_schematic_ai.py:28 Remediation: Document clearly that the skill reads .env files. Consider requiring explicit user confirmation before loading credentials from .env files, or restrict loading to only the skill's own directory.

clinical-decision-support — 🔴 CRITICAL

  • 🔴 CRITICAL BEHAVIOR_CROSSFILE_ENV_VAR_EXFILTRATION — Cross-file env var exfiltration: 2 files

    Environment variable access with network calls in scripts/generate_schematic_ai.py, scripts/generate_schematic.py Remediation: Review data flow across files: scripts/generate_schematic_ai.py, scripts/generate_schematic.py

  • 🔴 CRITICAL BEHAVIOR_CROSSFILE_EXFILTRATION_CHAIN — Cross-file exfiltration chain: 2 files

    Multi-file exfiltration chain detected: scripts/generate_schematic_ai.py, scripts/generate_schematic.py collect data → scripts/generate_schematic_ai.py → scripts/generate_schematic_ai.py transmit to network Remediation: Review data flow across files: scripts/generate_schematic_ai.py, scripts/generate_schematic.py

  • 🟡 MEDIUM LLM_UNAUTHORIZED_TOOL_USE — Mandatory External AI Service Dependency with No Fallback or Validation

    The SKILL.md instructions mandate that every clinical decision support document MUST include AI-generated figures using the scientific-schematics skill, which calls the external OpenRouter API. This creates a hard dependency on an external third-party service for document generation. If the external service is compromised, unavailable, or returns malicious content, the skill's output integrity is affected. The mandatory nature of this requirement (marked with ⚠️ MANDATORY) means users cannot opt out. File: SKILL.md Remediation: Make external AI figure generation optional rather than mandatory. Provide a fallback path that generates figures using local tools (e.g., matplotlib, TikZ) without requiring external API calls. Clearly document the external dependency and allow users to disable it.

  • 🔵 LOW LLM_SKILL_DISCOVERY_ABUSE — Over-Broad Capability Claims and Mandatory Cross-Skill Activation

    The SKILL.md description makes very broad capability c