Back to skill

Security audit

Document Spell Check

Security checks across malware telemetry and agentic risk

Overview

This looks like a real documentation spell checker, but it can unexpectedly install software with elevated privileges and rewrite files without the advertised safeguards.

Review the script before installing. Install aspell yourself first if you use it, run check or --dry-run before fix mode, and only run fix on files covered by version control or backups. The concern is not malware evidence; it is that the skill has under-disclosed local system changes and weaker safety controls than its documentation promises.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
In `fix` mode, the script overwrites original files after applying `sed` substitutions, with no confirmation prompt, backup, or enforced dry-run preview. In a developer tooling context this can cause unintended content corruption or destructive edits across many files, especially because the advertised `--interactive` safeguard is nonfunctional.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script attempts to run `sudo apt-get install aspell` automatically when `aspell` is missing, causing a privileged subprocess from a routine document-checking tool without explicit consent. In a skill or automation context, unexpectedly triggering privileged package installation expands the attack surface and can violate least-privilege expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.