nudocs

This skill's documented behavior is consistent with its stated purpose: it instructs the agent to use an installed nudocs CLI to upload, list, link, pull, and delete documents on nudocs.ai and requires an API key via env var or config file. No direct malicious patterns (download-and-execute chains, obfuscated payloads, unknown exfiltration endpoints, or calls to known data-capture services) are present in the provided document. Primary risks are supply-chain trust in the external CLI package (verify publisher and repository), and the normal sensitivity of transmitting user documents and an API key to a third-party service. Verify the npm package's publisher, checksum/signature, and repository before installing; avoid uploading files containing secrets.