Context7 Documentation Skill

Security checks across malware telemetry and agentic risk

Overview

This skill transparently fetches programming documentation from Context7 and does not show hidden, destructive, or persistent behavior.

Install if you are comfortable with documentation questions being sent to Context7. Avoid including secrets, private code, customer data, or credentials in queries. If you set CONTEXT7_API_KEY, use a Context7-specific key and keep it out of prompts and logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The activation guidance is broad enough to trigger on many generic documentation or API questions, which can cause unnecessary invocation of a network-enabled skill. In context, that increases the chance that user prompts or task details are sent to an external service when a local answer would suffice, expanding data exposure and tool-use surface.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal