registry  /  docs-skills  /  1.7.15

docs-skills@1.7.15

AI agent skills for documentation analysis, creation, and observability — 35 specialized skills for Claude Code, Cursor, Codex, and other AI coding tools. New in 1.6: docs-create gains a content-enrichment checkpoint that adds competitor comparisons, educ

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `docs-skills install [dir]`.
Impact
User-approved project instructions can change future AI-agent behavior; no covert persistence or exfiltration was found.
Mechanism
Explicit AI-agent configuration and skill installation.
Rationale
Source inspection contradicts the scanner's malicious conclusion: publishing and networking are explicit maintainer/user actions. Policy still warrants a warning because the package intentionally mutates AI-agent control surfaces on an explicit command.
Evidence
package.jsonbin/docs-skills.jsinstall.jsscripts/crawl-site.jsscripts/sync-skills.jsskills/automation/docs-sync/SKILL.md.claude/skills/.cursor/rules/docs-skills.mdc.github/copilot-instructions.mdAGENTS.md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `install.js` explicitly writes Claude, Cursor, Copilot, or Codex agent-control files.
  • `bin/docs-skills.js` invokes `install.js` only for the explicit `install` command.
  • `skills/automation/docs-sync/SKILL.md` instructs an agent to offer a pre-push hook.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or prepublish lifecycle hook.
  • No credential/env harvesting, exfiltration, eval, native loading, or covert network endpoint was found.
  • `scripts/crawl-site.js` performs GET requests only for a user-supplied crawl URL.
  • `scripts/sync-skills.js` publishes only when a maintainer explicitly runs `sync:apply`.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 81.1 KB of source, external domains: example.com, github.com, raw.githubusercontent.com

Source & flagged code

3 flagged · loading source
scripts/sync-skills.jsView file
8* 5. commit + push в оба репо L9: * 6. npm version <bump> + git push --tags + npm publish (только docs-skills) L10: * ... L26: const path = require('path'); L27: const { execSync, spawnSync } = require('child_process'); L28: L29: const REPO_ROOT = path.resolve(__dirname, '..'); L30: const DOCSBOOK_ROOT = '/[redacted]'; ... L34: const DOCSBOOK_README = path.join(DOCSBOOK_ROOT, 'README.md'); L35: const PKG_JSON = path.join(REPO_ROOT, 'package.json'); L36: ... L66: function readIndex() {
Critical
Npm Publish Worm

Source mutates package metadata and republishes itself to npm.

scripts/sync-skills.jsView on unpkg · L8
26const path = require('path'); L27: const { execSync, spawnSync } = require('child_process'); L28:
High
Child Process

Package source references child process execution.

scripts/sync-skills.jsView on unpkg · L26
bin/docs-skills.jsView file
1#!/usr/bin/env node L2: const path = require('path'); L3: const fs = require('fs');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/docs-skills.jsView on unpkg · L1

Findings

1 Critical2 High2 Medium4 Low
CriticalNpm Publish Wormscripts/sync-skills.js
HighChild Processscripts/sync-skills.js
HighShell
MediumDynamic Requirebin/docs-skills.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings