Security audit

智能文档处理助手

Security checks across malware telemetry and agentic risk

Overview

This document-processing skill is mostly purpose-aligned, but its PDF path handling can let a crafted filename run unintended shell commands.

Review before installing. Use only with trusted local files, avoid documents with unusual or untrusted filenames, and treat any generated outputs as sensitive copies of the original document. The safer implementation would replace execSync shell interpolation with an argument-array API such as execFileSync or spawnSync and add clear privacy handling guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script imports child_process and later builds a shell command with user-controlled inputFile for execSync. Although the path is wrapped in double quotes, shell metacharacters such as embedded quotes can still break out of quoting and enable command injection, causing arbitrary command execution in the context of the user running the skill.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill encourages processing user-supplied documents and writing derived outputs, but it does not warn that inputs may contain sensitive or regulated data or that generated files may persist confidential content to disk. In a document-processing skill, this omission can cause users or downstream agents to handle confidential PDFs, contracts, or reports without appropriate safeguards, increasing the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The entity-extraction flow identifies emails, phone numbers, dates, and amounts and can write them directly to an output file without any privacy notice, redaction option, or confirmation. In a document-processing skill, this increases the chance of accidental exposure of personal or sensitive data through logs, terminal output, or saved reports, especially when processing third-party documents.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code: suspicious.dangerous_exec
Location: scripts/process.mjs:138