Academic Formula Converter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local Markdown formula converter, with ordinary caution needed for untrusted Markdown image links and generated HTML.

Install only in an environment where you are comfortable using the requested Python packages. Convert Markdown you trust, or review image links and raw HTML first, because local image paths in Markdown can be embedded into the generated Word file and raw HTML may carry into the generated HTML output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad terms like '数学公式', '论文公式', and 'formula converter' that can appear in ordinary conversation, increasing the chance the skill is invoked without a clear user request to run it. This can cause unintended processing of user content and incorrect tool activation, which is a genuine security and safety issue even if the skill itself appears non-malicious.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal