Back to skill

Security audit

4+1架构视图自动生成器

Security checks across malware telemetry and agentic risk

Overview

This architecture-documentation skill appears useful, but it writes project files, keeps hidden code-derived caches, and may send repository-derived diagrams to external Mermaid services.

Review this skill before installing on private repositories. Only use it if you are comfortable with it creating or changing arcview files, managing backups, keeping a hidden cache of architecture data, and potentially sending generated Mermaid content to third-party services; prefer running it with network access disabled or after confirming remote validation is opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill claims to generate architecture views, but it also instructs the agent to run additional validation, auto-fix, and environment-checking behaviors that extend beyond simple document generation. This broadens the operational scope and may cause unexpected file modification or command execution paths a user did not reasonably infer from the description.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Requiring external network validation against Mermaid services can exfiltrate code-derived architecture details, filenames, endpoints, or inferred topology to third-party infrastructure. For a skill operating on private source trees, sending rendered diagram content off-box is a material confidentiality risk.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Using `WebFetch` to contact external Mermaid services is disproportionate to the core purpose of generating local architecture documentation. It creates an unnecessary outbound channel that can leak sensitive repository structure and increases the attack surface through dependence on remote content and availability.

Intent-Code Divergence

Low
Confidence
81% confidence
Finding
The skill says it avoids destructive actions, yet it still directs backup rotation, renaming existing files, and deleting older backups. In a user repository, this can alter or remove pre-existing content unexpectedly, especially if path classification or ownership assumptions are wrong.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language includes 'or similar expressions,' making invocation boundaries overly broad. That increases the chance the skill runs unintentionally on unrelated prompts and performs filesystem reads/writes or network validation without clear user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill writes `arcview/` into the target project and may merge or overwrite content, but this side effect is not prominently disclosed at the start. Users may invoke what sounds like analysis-only behavior without realizing it will modify their working tree.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill silently persists intermediate models under `.claude/arc4plus1-cache/`, which may retain sensitive code structure, paths, and inferred architecture without the user's awareness. Hidden caching increases long-term data retention risk and can surprise users who expected ephemeral analysis.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
tests/basic_check.py:41