Back to skill

Security audit

Docsend2pdf

Security checks across malware telemetry and agentic risk

Overview

This skill is a small DocSend-to-PDF connector with disclosed external processing, but users should be careful because its safety text understates that conversion sends a document link to a third-party service.

Install only if you are comfortable sending the specific DocSend URL to OOMOL/Docsend2pdf for conversion. Do not treat the `convert` action as a harmless local read; confirm the link and intended conversion first, and avoid running the fallback CLI install command unless you trust the OOMOL installer source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The safety section claims all untagged actions are reads, but the only listed action, `convert`, performs an external processing operation on a user-supplied DocSend URL. Misclassifying it as read-only can cause the agent to invoke it without appropriate scrutiny or consent, especially because conversion may transmit sensitive document links and trigger external side effects such as fetching, processing, or generating downloadable artifacts.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says to use this skill for ANY Docsend2pdf request and whenever a task involves Docsend2pdf, instead of calling the API directly. This broad trigger can cause over-invocation of the skill in situations where the user did not explicitly authorize external transmission of a DocSend URL or where a narrower, safer path would be more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.