Back to skill

Security audit

Context7 API Documentation Fetcher

Security checks across malware telemetry and agentic risk

Overview

The skill appears to fetch Context7 documentation as advertised, but it silently embeds and uses a hardcoded API key.

Review before installing. This skill is narrowly aimed at fetching documentation from Context7, but it can send your library names and queries to Context7 and will use an embedded API key if you do not configure CONTEXT7_API_KEY. Prefer a version that removes the fallback key, requires user-supplied credentials, and documents the external requests clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to run a Python script that accesses network resources and likely reads environment variables, yet the skill file declares no permissions or capability requirements. This creates a transparency and policy-enforcement gap: operators may approve or invoke the skill without realizing it can make outbound requests and use secrets from the environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The described purpose is limited to documentation retrieval, but the implementation reportedly uses bearer authentication with a hardcoded fallback credential that is not disclosed in the skill description. Hidden authentication behavior is dangerous because it can mask secret handling, enable unintended third-party access, and embed reusable credentials that may be extracted or abused.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation guidance says to use the skill proactively for essentially any external library work, which is broad enough to trigger network-backed behavior in many ordinary tasks. In context, this increases the chance of unnecessary external calls, unintended data sharing in queries, and reliance on a third-party service even when not needed.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds a default bearer token directly in source code and silently uses it whenever the environment variable is absent. Hardcoded credentials are easily leaked through source control, logs, packaging, or reuse by unauthorized parties, and the lack of warning makes accidental misuse more likely in downstream environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.