Back to skill

Security audit

8917 DOCX Official

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs document conversion, but its optional PDF mode can compile and load native code in LibreOffice from a shared temp location, so it needs review before installation.

Install only if you trust the publisher and are comfortable with PDF conversion running LibreOffice and potentially loading locally compiled native code. Prefer DOCX-only use when possible, avoid running it with elevated privileges, and be cautious on shared systems where the temporary shim file could be tampered with.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return str(shim_so)
    src = Path(tempfile.gettempdir()) / "lo_socket_shim.c"
    src.write_text(_SHIM_SOURCE)
    subprocess.run(
        ["gcc", "-shared", "-fPIC", "-o", str(shim_so), str(src), "-ldl"],
        check=True, capture_output=True,
    )
Confidence
94% confidence
Finding
subprocess.run( ["gcc", "-shared", "-fPIC", "-o", str(shim_so), str(src), "-ldl"], check=True, capture_output=True, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes local executables (`python3`, `gcc`, `soffice`) and instructs the agent to run a conversion script that reads input files and writes output files, but it does not declare any corresponding permissions. This creates a capability/permission mismatch that can bypass expected guardrails, increasing the risk of unintended shell execution, file access, or abuse if user-controlled paths or content are passed into the workflow.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill deliberately compiles and injects an LD_PRELOAD shim into LibreOffice to alter low-level socket behavior. For a markdown-to-docx/pdf formatter, that is an unusually powerful and invasive capability that bypasses normal sandbox assumptions and creates a pathway for native-code execution inside a child process.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.