Back to skill

Security audit

NEXUS Doc Writer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid remote documentation-writing skill, but users should control paid invocations and avoid sending sensitive code or specs.

Before installing, be comfortable sending provided code/specs to NEXUS and paying for requests. Use sandbox or tightly scoped payment credentials where possible, keep secrets out of submitted content, and configure your agent or platform to confirm paid calls or enforce spending limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill is presented as a documentation generator, but a large portion of the manifest and instructions centers on multi-protocol payment orchestration, chain selection, fee sponsorship, and settlement flows. This creates scope expansion and capability ambiguity, which can mislead an agent or operator into invoking payment-related behaviors not necessary for documentation generation, increasing the chance of unintended fund movement or unsafe integration.

Context-Inappropriate Capability

Low
Confidence
73% confidence
Finding
The tags advertise unrelated domains such as health-monitoring and budget, which do not match the stated documentation-writing purpose. Misleading metadata can cause inappropriate discovery, installation, or automated routing by agents, increasing the risk that the skill is selected in contexts where data sensitivity or operational expectations are very different.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README states the skill is 'automatically invoked' when a matching task is detected, but it does not define trigger boundaries, approval requirements, or limits on what data may be sent. In an agent ecosystem, this ambiguity can cause unintended activation and silent use of a paid remote service, increasing the risk of unreviewed network actions and data disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README describes automatic use of a remote hosted endpoint but does not clearly warn that task content may be transmitted off-host to a third-party service. Users and downstream agents may assume documentation generation is local, which can lead to source code, specifications, secrets, or proprietary material being sent externally without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.