Back to skill

Security audit

Xtranslate

Security checks across malware telemetry and agentic risk

Overview

Xtranslate appears to be a real document translator, but it needs review because cloud mode can send document contents to external or custom endpoints without prominent consent warnings and its API-key safety claims are overstated.

Review before installing if you translate confidential, legal, customer, or business documents. Prefer Ollama/local mode for sensitive files, avoid custom API endpoints unless you trust them, scope batch runs to narrow folders, do not rely on the saved-key encryption for valuable API credentials, and install in an isolated environment with pinned dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (24)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs the agent to read user-supplied files, write translated outputs and temporary artifacts, and access API keys from environment variables, yet it declares no corresponding permissions. This mismatch is dangerous because users and the platform may underestimate the skill's access to sensitive documents, local storage, and secrets, reducing informed consent and weakening policy enforcement.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes cloud translation and 'full-process monitoring' but does not prominently warn that document contents, extracted text, filenames, or metadata may be sent to third-party model providers and logged locally. For a document-translation tool, this is especially risky because users may submit confidential business, legal, personal, or regulated documents without realizing their contents could leave the local environment and be retained in monitoring records.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents automatic creation of output directories, temporary PDF-conversion artifacts, and monitoring records, but it does not clearly warn users that copies or derivatives of sensitive documents may persist on disk. This creates confidentiality and retention risk, especially on shared systems, because translated files, temp files, and logs can expose document contents after the primary task is complete.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The DOCX/XLSX translation paths send extracted document text to a `translator` object without any visible consent, notice, or data-handling controls in this module. If the translator uses a remote API, sensitive document contents may be disclosed outside the local environment, creating a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The PPTX translation routine iterates through slide text and passes each run to `translator.translate_text` with no visible warning, approval gate, or trust boundary enforcement. In typical deployments this can leak confidential presentation content to an external translation provider, especially because slide decks often contain business-sensitive material.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code accepts a user-supplied custom API base URL and model for cloud translation, then proceeds to translate document contents without any explicit warning, consent prompt, or trust validation. In this skill's context, users may process sensitive local documents, so allowing arbitrary remote endpoints can silently exfiltrate document content to an untrusted service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The cloud translation path sends arbitrary input text directly to a third-party API provider. If callers pass sensitive material, source content is disclosed off-host without any notice, consent gate, or local-only safeguard in this component, creating a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The batch translation flow transmits multiple text segments to the external cloud model in one request, increasing the volume of potentially sensitive data exposed to the provider. The skill context is a translator, so outbound text transfer is functionally expected, but it is still dangerous without clear disclosure, tenant/data-boundary controls, or safeguards against uploading confidential content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template explicitly shows sending `text` supplied by the user to a remote translation model API, but it provides no notice, consent, or guidance about handling sensitive content before external transmission. In a translation skill, users may input confidential documents, so silent transmission to a third-party provider creates a real privacy and data-governance risk even if this is normal product behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pdf2docx
openai
jieba
Confidence
97% confidence
Finding
python-docx

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pdf2docx
openai
jieba
cryptography
Confidence
97% confidence
Finding
pdf2docx

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pdf2docx
openai
jieba
cryptography
customtkinter
Confidence
96% confidence
Finding
openai

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pdf2docx
openai
jieba
cryptography
customtkinter
ollama
Confidence
95% confidence
Finding
jieba

Unpinned Dependencies

Low
Category
Supply Chain
Content
pdf2docx
openai
jieba
cryptography
customtkinter
ollama
translate
Confidence
99% confidence
Finding
cryptography

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai
jieba
cryptography
customtkinter
ollama
translate
openpyxl
Confidence
94% confidence
Finding
customtkinter

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba
cryptography
customtkinter
ollama
translate
openpyxl
python-pptx
Confidence
99% confidence
Finding
ollama

Unpinned Dependencies

Low
Category
Supply Chain
Content
cryptography
customtkinter
ollama
translate
openpyxl
python-pptx
striprtf
Confidence
95% confidence
Finding
translate

Unpinned Dependencies

Low
Category
Supply Chain
Content
customtkinter
ollama
translate
openpyxl
python-pptx
striprtf
Confidence
98% confidence
Finding
openpyxl

Unpinned Dependencies

Low
Category
Supply Chain
Content
ollama
translate
openpyxl
python-pptx
striprtf
Confidence
96% confidence
Finding
python-pptx

Unpinned Dependencies

Low
Category
Supply Chain
Content
translate
openpyxl
python-pptx
striprtf
Confidence
94% confidence
Finding
striprtf

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
98% confidence
Finding
python-docx

Known Vulnerable Dependency: cryptography — 10 advisory(ies): GHSA-39hc-v87j-747x (Vulnerable OpenSSL included in cryptography wheels); CVE-2023-50782 (Python Cryptography package vulnerable to Bleichenbacher timing oracle attack); GHSA-5cpq-8wj7-hf2v (Vulnerable OpenSSL included in cryptography wheels) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
cryptography

Known Vulnerable Dependency: ollama — 6 advisory(ies): CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulne); CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a malicious user to c); CVE-2025-44779 (An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sendin) +3 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
ollama

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
98% confidence
Finding
openpyxl

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.