Security audit

Used to enable and adjust track-changes (revision) mode in Word documents, and to add and delete comments, among other functions

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Word document editing helper with ordinary file-handling risks but no evidence of hidden, credential-related, network, persistent, or malicious behavior.

Install only if you want an agent to edit local Word documents. Work on copies or explicit output files, verify the current directory before running the manual cleanup commands, avoid using it for generic non-DOCX comments, and install python-docx only from a trusted package source if using the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs users or the agent to unpack, modify, and repackage .docx files, which is file-write behavior, yet no permissions are declared. That creates a governance and transparency gap: an agent may modify local files without the permission model making that capability explicit.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger terms are broad and overlap with common user intents such as '添加评论' ("add comment") or '添加注释' ("add annotation"), which could cause the skill to activate in contexts unrelated to Word documents. Over-broad routing increases the chance of unintended file operations or the wrong tool being selected for a request.

Chaining Abuse

High
Category
Tool Misuse
Content
1. Unzip the document: `unzip -o document.docx -d docx_temp`
2. Edit the XML files
3. Repackage: `cd docx_temp && zip -r ../output.docx . && cd .. && rm -rf docx_temp`

---
Confidence
94% confidence
Finding
&& rm -

VirusTotal

63/63 vendors flagged this skill as clean.