Doc Genius

Security checks across malware telemetry and agentic risk

Overview

The document tool mostly does what it says, but it also includes under-disclosed billing code with a hardcoded API key and charge capability.

Review before installing. Use local summarization for sensitive documents unless you are comfortable sending extracted text to OpenAI. Do not run scripts/doc_processor_paid.py unless the billing behavior is intended and approved; the publisher should remove or rotate the embedded billing key and document the paid flow clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The AI summarization path transmits document contents to an external OpenAI API, which creates a real data-exfiltration/privacy risk when users process sensitive documents. The network behavior is functionality-related rather than obviously malicious, but it is dangerous because the code provides no strong trust boundary, data classification check, or opt-in confirmation before sending content off-host.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list includes generic phrases such as '文档处理', '智能摘要', and 'format conversion' that could match many ordinary user requests and cause this skill to be invoked unexpectedly. Overly broad activation increases the chance of unintended document processing, including sending sensitive content into the skill workflow without explicit user intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README advertises AI summarization via the OpenAI API but does not disclose that document contents may be transmitted to a third-party cloud service. Users may reasonably assume processing is local, and this omission can lead to accidental exposure of confidential documents, research, contracts, or internal records.

Missing User Warnings

Medium
Confidence: 96%
Finding
The advanced usage section again instructs users to use cloud-based AI summarization without warning that file contents may leave the local environment. Repeating cloud-processing commands without privacy guidance makes accidental disclosure more likely, especially for enterprise or legal documents highlighted elsewhere in the skill.

Missing User Warnings

Medium
Confidence: 90%
Finding
The AI summary example instructs users to configure an OpenAI API key and process documents with a remote model, but it does not clearly warn that document contents may be transmitted to an external third-party service. In a document-processing skill, users may reasonably assume local handling, so omission of a data-transfer warning can cause unintentional disclosure of sensitive files.

Missing User Warnings

Low
Confidence: 81%
Finding
The integration example chains external web content into local processing and writes intermediary data to a local file without warning about trust boundaries. This can lead users to process untrusted content or overwrite local files without considering that fetched data is externally controlled and may contain sensitive, misleading, or unsafe material.

Missing User Warnings

Medium
Confidence: 90%
Finding
When AI mode is enabled, the tool sends document contents to the OpenAI API, which may include sensitive or regulated data. There is no explicit consent prompt, warning, redaction step, or policy gate, so users may unintentionally exfiltrate confidential material to an external service.

Missing User Warnings

Medium
Confidence: 86%
Finding
When AI mode is enabled, document text is sent to the OpenAI API, which may expose sensitive document contents to a third party. The code does not present a clear privacy warning, consent prompt, redaction step, or policy control before transmitting potentially confidential data.

Missing User Warnings

Medium
Confidence: 96%
Finding
The code sends raw document text to the OpenAI API without any explicit runtime warning or consent mechanism, so users may unknowingly disclose confidential content. This is especially risky for internal documents, legal files, or regulated data because the transmission happens as part of normal processing and may not be obvious from the command-line interface.

Ssd 3

Medium
Confidence: 93%
Finding
The code forwards raw document text to an external model provider for summarization. In a document-processing skill, this context makes the issue more significant because the input is likely to contain proprietary business documents, personal information, or internal reports, increasing confidentiality risk.

VirusTotal

65/65 vendors flagged this skill as clean.