
Security audit

DocuScan

Security checks across malware telemetry and agentic risk

Overview

DocuScan’s document-scanning workflow is coherent, but it makes unsupported security-verification and privacy claims while encouraging use with sensitive documents.

Review this skill before installing. Use it only if you are comfortable sending document images through your AI provider and storing extracted text locally. Treat the 'Codex Security Verified,' audit, no-transmission, and no-training claims as unverified. Keep the documents folder private, review generated filenames, install Playwright/Chromium from trusted sources, and do not deploy the dashboard without authentication, private storage, encryption, and access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium (95% confidence)

Finding:
The setup prompt instructs the agent to modify the user's workspace by creating directories/files and changing permissions, but it does so as implicit initialization behavior rather than with an explicit warning or consent checkpoint about filesystem changes. Even though the requested actions are limited and plausibly legitimate for the skill, hidden or automatic workspace modification increases the risk of unexpected side effects and normalizes granting write access without informed user approval.

Missing User Warnings

Severity: Medium (91% confidence)

Finding:
The skill explicitly describes writing files to a local `documents/` directory, appending metadata to `documents/scan-log.json`, and invoking `scripts/generate-pdf.sh`, but it does not require clear user consent or a visible warning before performing those side effects. Even though the actions are part of the intended workflow, undisclosed filesystem writes and shell-script execution increase risk because they modify the host environment and could expose sensitive document contents or trigger unsafe downstream behavior if the implementation is flawed.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.prompt_injection_instructions

  • Warn: Prompt-injection style instruction pattern detected. Code: suspicious.prompt_injection_instructions. Location: SECURITY.md:30
  • Warn: Prompt-injection style instruction pattern detected. Code: suspicious.prompt_injection_instructions. Location: SKILL.md:7