Back to skill

Security audit

ODT File Manager & Editor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local ODT editor, with disclosed optional NextCloud examples that warrant care around overwriting documents but do not show hidden or malicious behavior.

Install only if you are comfortable adding the `odfdo` Python package. For important or shared ODT files, inspect first, work on a copy or temporary file, and only upload or overwrite the original after reviewing the result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The reference includes executable guidance for downloading and uploading files via a different skill using subprocess, even though this skill is described as document-level ODT editing only. That expands the effective capability surface from local document manipulation to remote file transfer and overwrite, which can cause unintended data modification or exfiltration if an agent follows the example without clear scope boundaries or user confirmation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example workflow downloads a remote document to a fixed local path, edits it in place, and uploads it back to the same remote path with no warning, dry-run, backup, or confirmation step. In an agentic setting, this can lead to silent overwrites of local or remote documents, data loss, or modification of the wrong file if paths are mistaken or attacker-influenced.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.