registry  /  docs-skills  /  1.7.12

docs-skills@1.7.12

AI agent skills for documentation analysis, creation, and observability — 35 specialized skills for Claude Code, Cursor, Codex, and other AI coding tools. New in 1.6: docs-create gains a content-enrichment checkpoint that adds competitor comparisons, educ

AI Security Review

scanned 9d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack surface. The main residual risk is explicit user-command installation of first-party AI-agent skills into common agent config locations.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs docs-skills install, docs-skills crawl, or node scripts/sync-skills.js --apply
Impact
Can add bundled documentation skills to AI-agent config files, crawl user-specified sites into markdown, or publish from a maintainer checkout when explicitly applied.
Mechanism
explicit CLI file writes and maintainer release automation
Rationale
Static inspection shows risky primitives are explicit package-aligned CLI/maintenance features, with no lifecycle hook, stealth execution, exfiltration, or remote payload chain. Because the package can intentionally write AI-agent control files on user command, treat it as a warning-level agent extension lifecycle risk rather than malicious.
Evidence
package.jsonbin/docs-skills.jsinstall.jsscripts/sync-skills.jsscripts/crawl-site.jsscripts/build-index.js.claude/skills/<skill>/.cursor/rules/docs-skills.mdc.github/copilot-instructions.mdAGENTS.mdindex.jsonREADME.mduser-specified crawl output directory
Network endpoints4
docsbook.iogithub.com/Docsbook-io/docs-skills.gitraw.githubusercontent.com/Docsbook-io/docs-skills/maingithub.com/Docsbook-io/docs-skills/blob/main

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • install.js explicitly copies bundled SKILL.md files into .claude/skills, .cursor/rules, copilot-instructions.md, or AGENTS.md when invoked.
  • scripts/sync-skills.js has --apply path that runs git push, npm version, and npm publish, but it is a maintainer sync script, not lifecycle-triggered.
  • scripts/crawl-site.js performs user-supplied HTTP/HTTPS crawling and writes markdown output files.
Evidence against
  • package.json defines no preinstall/install/postinstall/prepare lifecycle hooks.
  • bin/docs-skills.js only dispatches explicit CLI commands; import-time behavior is help/list/info unless a command is supplied.
  • No credential/env harvesting, obfuscation, eval/vm/Function, native binary loading, or remote payload execution found.
  • Network endpoints are package/user-aligned: docsbook.io/github URLs in docs/index metadata and user-provided crawl URLs.
  • sync-skills.js is dry-run by default and requires --apply for mutating git/npm actions.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 81.1 KB of source, external domains: example.com, github.com, raw.githubusercontent.com

Source & flagged code

3 flagged · loading source
scripts/sync-skills.jsView file
8* 5. commit + push в оба репо L9: * 6. npm version <bump> + git push --tags + npm publish (только docs-skills) L10: * ... L26: const path = require('path'); L27: const { execSync, spawnSync } = require('child_process'); L28: L29: const REPO_ROOT = path.resolve(__dirname, '..'); L30: const DOCSBOOK_ROOT = '/[redacted]'; ... L34: const DOCSBOOK_README = path.join(DOCSBOOK_ROOT, 'README.md'); L35: const PKG_JSON = path.join(REPO_ROOT, 'package.json'); L36: ... L66: function readIndex() {
Critical
Npm Publish Worm

Source mutates package metadata and republishes itself to npm.

scripts/sync-skills.jsView on unpkg · L8
26const path = require('path'); L27: const { execSync, spawnSync } = require('child_process'); L28:
High
Child Process

Package source references child process execution.

scripts/sync-skills.jsView on unpkg · L26
bin/docs-skills.jsView file
1#!/usr/bin/env node L2: const path = require('path'); L3: const fs = require('fs');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/docs-skills.jsView on unpkg · L1

Findings

1 Critical2 High2 Medium4 Low
CriticalNpm Publish Wormscripts/sync-skills.js
HighChild Processscripts/sync-skills.js
HighShell
MediumDynamic Requirebin/docs-skills.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings