Tencent Docs

Security checks across malware telemetry and agentic risk

Overview

This Tencent Docs skill is mostly purpose-aligned, but it needs Review because it can send content to Tencent, modify or delete cloud documents, and change local tool configuration without strong confirmation safeguards.

Install only if you are comfortable granting Tencent Docs automation broad access to create, read, edit, import, export, and delete your cloud documents. Before using it, confirm every delete or bulk update target yourself, avoid sending sensitive local files or confidential text unless approved, and review setup.sh because it may globally install mcporter and persist a token-backed MCP configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The document defines `sheet_id` earlier as a worksheet identifier, but later says `properties.sheet_id` is actually the worksheet name. This parameter ambiguity can cause callers or downstream agents to send the wrong field, creating or modifying the wrong resource and potentially leading to unintended destructive actions in a data-management API.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is extremely broad ('complete Tencent Docs operations' and many categories of create/manage/read/edit actions), which increases the chance an agent will invoke it for routine Tencent Docs tasks without tight user-intent boundaries. In a capability-bearing skill that can create, modify, move, and delete user documents, overbroad routing raises the risk of unintended high-impact actions being selected automatically.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented tool list includes destructive delete capability ('delete_space_node') but does not clearly require explicit user confirmation before deletion. Because this skill manages hierarchical document spaces, a deletion action can remove important content or structures, and users may not appreciate the risk from a simple tool description alone.

Missing User Warnings

Medium
Confidence: 95%
Finding
This workflow section explicitly promotes manage.* operations including document deletion, but it does not pair deletion with a hard confirmation requirement or prominent data-loss warning. In context, the skill also supports moving, renaming, and copying files, so the same management workflow could easily lead an agent to perform irreversible deletion when safer alternatives exist.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README explicitly instructs the agent to send user-provided document content to an external MCP service (`tencent-docs` / `doc.ai_format_pure_text`) but provides no user-facing disclosure, consent step, or data-handling warning. Because the input may contain sensitive contract, government, essay, or paper content, this creates a real privacy and unauthorized data-transfer risk rather than a purely theoretical issue.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document includes a workflow to search for files and then delete them, but it provides no warning, confirmation requirement, scope limitation, or recovery guidance. In an agent/tooling context, this can normalize unsafe automation and increase the chance of accidental or overbroad destructive actions against user data.

Missing User Warnings

Medium
Confidence: 89%
Finding
The import workflow instructs users to upload full local file contents as Base64 and later recommends direct authenticated HTTP requests with Authorization and Cookie headers, but it does not warn about sensitive data exposure, credential handling, or logging risks. In an agent setting, this can lead to unsafe transmission of confidential documents or accidental leakage of tokens and session cookies.

Missing User Warnings

Medium
Confidence: 84%
Finding
The reference documents deletion capabilities for tables, views, fields, and records without emphasizing irreversibility, confirmation requirements, or backup/recovery guidance. In an agent skill context, that omission increases the risk that an automated workflow or user will invoke destructive operations casually and cause permanent data loss.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script performs a global npm installation of `mcporter` automatically if it is missing, without prompting the user or verifying package provenance/version. This can unexpectedly modify the host environment and creates supply-chain risk if the package is compromised, typosquatted, or resolves to an untrusted version at install time.

VirusTotal

64/64 vendors flagged this skill as clean.
