Security audit

Skill Doc Enhancer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local documentation helper that can update a target SKILL.md file when the user explicitly runs its enhancement script.

Use --dry-run first, review the generated text, and keep a backup or version-control diff before applying changes. The main risk is unintended documentation edits, not hidden credential use or data exfiltration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The documentation describes an enhancement script that can automatically append content to SKILL.md, but it does not provide a clear warning at the point of use that the command will modify files. Users may run the command assuming it is informational, leading to unintended edits or overwriting of documentation state.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.