Back to skill

Security audit

Epub2md Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent EPUB-to-Markdown helper that runs a local converter, writes outputs to a workspace, and only fetches remote images when the user chooses that option.

Install this only if you are comfortable with an agent running epub2md locally, copying EPUBs into its workspace, and writing converted files there. Approve any global npm install yourself, and use --localize only when you intentionally want remote images fetched, since EPUBs can contain URLs controlled by third parties.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to run shell commands and write files into a workspace, but it declares no permissions. That mismatch can bypass user/operator expectations and weakens policy enforcement because a reviewer may assume the skill is non-invasive when it can actually modify the filesystem and invoke external tools.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation rule says to use this skill whenever the user mentions EPUB-related tasks, even if they did not explicitly request this tool. Over-broad triggering can cause unintended shell execution, file writes, or networked actions in contexts where a simpler or safer response would have sufficed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill promotes `--localize` to download remote images but does not clearly warn that this makes outbound network requests to third-party hosts, potentially leaking IP address, timing, user interest, and other metadata. If an EPUB references attacker-controlled URLs, invoking localization can also contact untrusted infrastructure unexpectedly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The --localize feature explicitly downloads remote images referenced by EPUB content, but the wrapper exposes it without any explicit warning, confirmation, or restriction. In an agent skill context, processing an untrusted EPUB could trigger outbound network access to attacker-controlled hosts, leaking IP/environment metadata and causing unintended retrieval of untrusted content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.