doc-skill-generator

No explicit malware behaviors are visible in the provided fragment (no network access, no command execution, no credential theft). However, the tool performs a high-impact local filesystem operation: it recursively and forcibly copies its own directory to a destination path derived from untrusted CLI JSON input. In a supply-chain or automation context where parameters could be attacker-controlled (or misused), this can enable destructive overwrites/sabotage of arbitrary locations accessible to the running user. Additionally, the malformed/templated-looking COMMANDS block and unused helper code reduce certainty about the full package behavior beyond the shown install/update logic.

整体更接近可疑而非恶意。其核心能力与“从文档生成 Skill”目的基本一致，但存在三点风险叠加：未明确来源的前置“Playwright Skill”、本地 install/update-self 脚本缺少发布校验、以及将不可信外部文档转换为可安装 Skill 的间接提示注入面。未见凭证收集、第三方网关转发或明显数据外传。

No direct evidence of overt malicious behavior (e.g., eval-based execution, credential theft, or explicit network exfiltration) is present in the shown fragment. However, the module contains high-impact filesystem capabilities—recursive copy/force overwrite into a user-controlled destination and a self-update routine that recursively deletes all contents under a destination directory derived from untrusted input. Additionally, critical behaviors are delegated to unshown internal functions (fetch/generate/loadExtract/install) using data influenced by user parameters and parsed doc-source.json, increasing overall supply-chain risk if those internals are unsafe. Constrain and validate params.target/params.skillName to a safe base directory and avoid recursive force deletion unless strongly guarded.