Back to skill

Security audit

Nm Sanctum Doc Consolidation

Security checks across malware telemetry and agentic risk

Overview

This documentation cleanup skill is purpose-aligned, but it can modify and delete repository files and its rollback safety is incomplete.

Install only if you are comfortable with an agent editing documentation and deleting temporary markdown reports after you approve a consolidation plan. Before execution, review the exact candidate files, destinations, and any REPLACE_SECTION actions; prefer committing or backing up the workspace first, and ask the agent to archive sources instead of deleting them when the originals may contain unique context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The rollback feature performs destructive filesystem operations (`unlink`) and restores prior content from a log, which expands the skill from documentation consolidation into file-reversal behavior. In this context, that added capability is risky because it is not tightly scoped, has no path restrictions or confirmation gates, and could delete files created outside the intended documentation area if the log or inputs are manipulated.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The `rollback_last()` docstring claims to roll back the most recent consolidation, but the implementation explicitly cannot restore deleted source files. That mismatch is dangerous because operators may rely on rollback as a safety mechanism, leading to permanent data loss after source deletion.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad and includes generic terms like 'docs', 'cleanup', and 'knowledge-management', which can cause this skill to activate in many unrelated contexts. Because the skill performs file discovery, content routing, and deletion of source files after merge, unintended invocation could lead to inappropriate document modifications or accidental cleanup of markdown artifacts the user did not intend to consolidate.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The module explicitly instructs the agent to prefer merging into existing documentation and to create new files when certain conditions are met, but it provides no requirement to warn the user or obtain confirmation before modifying repository files. In a skill whose purpose is documentation consolidation, this increases the risk of silent file creation or modification that could overwrite curated content, introduce misleading documentation, or persist LLM-generated errors into the codebase.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The REPLACE_SECTION strategy authorizes replacing entire sections of existing documentation and only mentions backing up content in a consolidation log, without requiring user approval or robust integrity checks. This is dangerous because an agent could destructively overwrite important documentation sections based on imperfect semantic matching or hallucinated relevance, causing loss of authoritative content and making malicious or accidental tampering harder to detect.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module deletes source files automatically after successful merges, but the skill text does not present a strong user-facing warning, confirmation step, or safer default. In a documentation-consolidation skill, source artifacts may still contain unique context or be the only recoverable originals, so automatic deletion increases the chance of accidental irreversible loss.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.