Trust Assessment
nudocs received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned and Potentially Misleading CLI Dependency, Potential Command Injection/Data Exfiltration via File Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned and Potentially Misleading CLI Dependency The skill's setup instructions specify installing `@nutrient-sdk/nudocs-cli` via npm without a version pin. This introduces a supply chain risk as future versions could contain vulnerabilities or malicious code. Furthermore, the 'Links' section points to `https://github.com/PSPDFKit/nudocs-cli` as the CLI's source, while the npm package is `@nutrient-sdk/nudocs-cli`. This discrepancy between the package name and the linked repository owner (PSPDFKit vs. @nutrient-sdk) is highly suspicious and could indicate a typosquatting attempt or a malicious package masquerading as a legitimate tool. Installing an unverified package from an unknown source poses a severe risk of arbitrary code execution or data exfiltration. Investigate the `@nutrient-sdk/nudocs-cli` package to verify its legitimacy and relationship with PSPDFKit. If it is legitimate, pin the dependency to a specific, known-good version (e.g., `npm install -g @nutrient-sdk/nudocs-cli@1.2.3`). If it is not legitimate or its origin is unclear, replace it with the correct, verified package from PSPDFKit or remove the skill. | LLM | SKILL.md:13 | |
| MEDIUM | Potential Command Injection/Data Exfiltration via File Arguments The skill describes using `nudocs upload <file>` and `nudocs pull [ulid]`. If the `<file>` or `[ulid]` arguments are directly derived from untrusted user input without proper sanitization or validation by the agent, it could lead to command injection (if the `nudocs` CLI is vulnerable to argument injection) or data exfiltration (if the agent is tricked into uploading sensitive files like `/etc/passwd` or `~/.ssh/id_rsa`). While the skill itself doesn't implement the execution, it exposes a vector for the agent to be exploited. The agent implementing this skill must rigorously validate and sanitize all user-provided input before constructing and executing `nudocs` CLI commands. Specifically, file paths should be restricted to a safe, sandboxed directory, and `ulid` values should be validated against expected formats. Avoid passing arbitrary user input directly to shell commands. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/61fdb0dcaed8cbbe)
Powered by SkillShield