Back to skill

Security audit

Dknowc Official Doc Writer

Security checks across malware telemetry and agentic risk

Overview

This document-writing skill is mostly coherent, but it requires phone-based third-party account setup and local API key storage even for tasks that do not need search.

Review this skill before installing. It appears to perform the advertised document-writing and search functions, but first use may ask for your phone number and SMS code to create a Dknowc search account and store an API key locally. Install only if you are comfortable with that registration flow and local credential file; for simple offline document drafting, this setup is more than the task strictly needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes shell commands, reads and writes local files, accesses environment/configuration, and performs networked registration/search flows, but it declares no permissions or capability boundaries. That mismatch is dangerous because users and host systems cannot accurately assess what the skill may do, especially when it can create accounts, persist credentials, and modify local configuration.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The README instructs the agent to perform phone-based account registration and API key provisioning on the first invocation regardless of whether the user’s document task requires search. This expands the skill beyond its declared document-writing scope and creates unnecessary collection of personal data and credential handling, which increases privacy and security exposure without clear task necessity.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Documenting a workflow where the agent collects a phone number, requests an SMS code, and registers a third-party MaaS account is not well aligned with a document-writing assistant’s core function. Even if intended to enable search, this introduces identity, privacy, and credential-management operations that are more sensitive than the advertised capability and could be abused or over-collected.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to collect a user's phone number and SMS code to register a third-party account and provision an API key, even when the user's task is merely document drafting. This is sensitive-credential collection unrelated to many requested tasks and could lead to unauthorized account creation, privacy exposure, and persistent third-party linkage on the user's behalf.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill states search should be used only when supporting materials are needed, yet it requires initialization and potential search-account setup on every invocation regardless of task complexity. This creates unnecessary exposure to credential collection, network access, and local configuration writes for simple tasks that do not need search at all.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script implements SMS-based account registration against an external platform and is explicitly intended to provision access for the skill, which is outside the declared scope of a document-writing skill. This creates an unnecessary trust boundary expansion: a user invoking a writing tool could be induced to create external accounts and hand over verification codes, enabling unauthorized account creation or service enrollment unrelated to the stated functionality.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code accepts an API key returned from a remote registration flow and writes it to a local config file for later use, effectively provisioning and persisting sensitive credentials on behalf of the skill. In the context of a document-authoring skill, this is unjustified and dangerous because it can silently establish durable access to an external service, creating credential exposure and abuse risk if the workspace, package, or logs are later accessed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that on first use the agent should initiate registration and local API key setup even when the current task does not need search, but it does not present a prominent upfront privacy warning before that flow. Users may disclose phone numbers and verification codes without understanding that a third-party account will be created and credentials stored locally.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Although the README mentions that the script writes the API key to config.ini, it does not frame this as a security-sensitive credential storage event with associated risks, permissions expectations, or handling guidance. Silent or under-disclosed credential persistence can expose secrets to other local users, backups, packaging mistakes, or later exfiltration by adjacent tooling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The initialization flow asks for a phone number and SMS verification code but does not clearly and prominently explain that this will create a third-party account, provision credentials, and store configuration locally. Users may provide sensitive information without fully understanding the account, privacy, persistence, and trust implications.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.