Api Design Doc

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward API documentation generator whose main effect is creating one Markdown design document in the project.

Install this if you want an agent to generate an API design document in the current project. Before running it, check whether doc/API接口设计文档.md already exists and confirm that saving to that fixed path is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs automatic filesystem modification by creating `doc/` and writing a fixed file in the project root, without requiring confirmation or warning the user. In an agent environment, this can lead to unintended repository changes, overwriting existing documentation, or silent persistence of generated content, especially when the trigger condition is broad.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal