Update Docs

Security checks across malware telemetry and agentic risk

Overview

This documentation helper reads code changes and guides user-confirmed documentation updates, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install this if you are comfortable with a skill that can inspect repository diffs and help edit documentation files. Review proposed doc changes before confirming them, and be aware that any included packaging or initialization scripts should only be run intentionally on paths you choose.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill instructs the agent to use shell commands (`git diff`) and to read and modify documentation files, which implies shell, file-read, and file-write capabilities without any declared permissions or guardrails. Undeclared capabilities are dangerous because they prevent accurate policy enforcement and user review, making it easier for a seemingly harmless documentation skill to access or change repository content unexpectedly.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal