Nm Scribe Doc Importer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward document-to-Markdown importer whose disclosed file writes are aligned with its purpose.

Install appears reasonable for document conversion. Use trusted documents or URLs where possible, choose the output path deliberately, and review converted Markdown before using it as project context because external documents can contain misleading or instruction-like text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs writing converted markdown to disk, including a default behavior of writing into the source file’s directory, without requiring explicit user confirmation immediately before file creation. In an agent setting, this can lead to unanticipated filesystem modifications, accidental overwrites, or writing sensitive converted content into unsafe or unintended locations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal