Back to skill

Security audit

OpenKM Document Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenKM REST client that can read, modify, and delete OpenKM documents using the configured account, with no evidence of hidden or unrelated behavior.

Install only if you want an agent to operate on OpenKM with the permissions of the configured account. Use a least-privilege OpenKM user, protect OPENKM_PASSWORD, avoid sharing logs when OPENKM_DEBUG is enabled, and require explicit confirmation before delete, move, restore-version, checkin/upload-version, or workflow task actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly requires sensitive environment variables and performs networked operations against an external OpenKM instance, yet no explicit permissions are declared. This creates a governance and transparency gap: an agent may be able to access credentials and perform remote actions without clear user-facing permission boundaries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes destructive operations such as move, rename, delete, restore-version, and workflow/task actions without documenting warnings, confirmations, or safety constraints. In an agent-driven context, this increases the chance of unintended or socially engineered data modification or deletion against a live OpenKM instance using configured credentials.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive operations such as deleting documents without any warning, confirmation, or recommendation to verify targets before execution. In an agent context, this increases the chance of accidental or prompt-induced destructive actions against production content.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation instructs users to set OPENKM_PASSWORD directly but does not warn that it is a sensitive secret or advise against logging, echoing, or hardcoding it. This can lead to credential exposure through shell history, process listings, screenshots, or copied examples.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.