BookStack

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward BookStack API helper that uses user-provided credentials to read, create, update, search, and delete wiki content as advertised.

Install this only if you want an agent to operate on your BookStack instance. Use a least-privilege API token, keep the token out of prompts, logs, screenshots, and repositories, and review update or delete commands carefully before running them against important documentation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill prominently documents delete operations for books, chapters, and pages without warning that these actions may be irreversible or operationally disruptive. In an automation context, this raises the risk of accidental destructive use by operators or downstream agents, especially when commands are copied directly from examples.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation instructs users to configure API token ID and secret but does not warn against leaking them via shell history, logs, screenshots, shared config files, or repository commits. Because these credentials grant authenticated API access to the knowledge base, mishandling them could enable unauthorized reading, modification, or deletion of documentation content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal