api文档生成

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill that helps generate Python API docs and does not show evidence of hidden execution, credential use, persistence, or data sharing.

Before installing, be aware that the skill may activate for general documentation requests. Provide only the Python files you want documented, avoid including secrets or unrelated proprietary code, and review generated docstrings and final documentation before accepting changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 83% confidence
Finding: The skill description is broad enough to activate on generic requests like documenting a module or generating API docs, without clear constraints on repository scope, file boundaries, or confirmation before reading auxiliary files. In an agent environment, this can cause over-invocation and unnecessary access to local workspace content referenced by later steps, increasing unintended data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal