Back to skill

Security audit

Litho Doc

Security checks across malware telemetry and agentic risk

Overview

This documentation skill is purpose-aligned, but it can broadly analyze a repository and write hidden intermediate files without a strong user-control boundary.

Install only if you are comfortable with the skill reading broadly across the target repository and creating documentation plus temporary .litho-agent/ analysis files. Before running it, choose an output directory and language, confirm cleanup expectations, and avoid using it on repositories where locally retained architecture summaries or configuration references would be sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation description is overly broad and includes catch-all phrasing for nearly any documentation-related request. That can cause the skill to activate in contexts where the user did not clearly intend autonomous repository-wide analysis, increasing the chance of unnecessary codebase scanning and file generation beyond user expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to persist intermediate analysis artifacts to a hidden directory and optionally delete that directory afterward, without requiring user notice or consent. This creates a transparency and safety issue because the agent may write potentially sensitive repository-derived summaries to disk and modify the workspace state in ways the user did not authorize or may not notice.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
This file’s operational instructions are entirely in Chinese, while the skill metadata and likely deployment context are broader and multilingual. That creates a safety and usability gap: reviewers, operators, or downstream agents who do not read Chinese may misunderstand the procedure, skip important constraints, or fail to notice risky guidance, reducing effective oversight of an autonomous codebase-analysis skill.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file is entirely written in Chinese and repeatedly prescribes Chinese-language research/report formats without any opt-in, fallback, or locale negotiation. In an agent skill that autonomously analyzes arbitrary repositories and generates documentation, this can cause the agent to ignore user language preferences, miscommunicate findings, or produce unusable output for operators who cannot read Chinese, which is a real quality and safety issue in multilingual environments.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.