KML_SHP_CAD格式转换_V1.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real GIS/CAD conversion skill, but its DWG workflow can silently download and install third-party Windows software when used.

Install only if you are comfortable with the DWG feature downloading and silently installing ODA File Converter on Windows. Prefer manually installing ODA from a trusted source first, verify the installer where possible, and run DWG conversions in a constrained environment when handling files from untrusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: f"Error: {e}" ) from e LOG.info("[DWG] Installing silently (may take 30-60s) ...") result = subprocess.run( ["msiexec", "/i", msi_path, "/qn", "/norestart"], capture_output=True, text=True, timeout=180, )
Confidence: 98% confidence
Finding: result = subprocess.run( ["msiexec", "/i", msi_path, "/qn", "/norestart"], capture_output=True, text=True, timeout=180, )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: dwg_name = os.path.basename(dwg_path) LOG.info(f"[DWG] Converting DWG->DXF: {dwg_name}") try: subprocess.run( [oda_exe, tmp_in, tmp_out, "ACAD2018", "DXF", "0", "0", dwg_name], capture_output=True, text=True, timeout=120, )
Confidence: 89% confidence
Finding: subprocess.run( [oda_exe, tmp_in, tmp_out, "ACAD2018", "DXF", "0", "0", dwg_name], capture_output=True, text=True, timeout=120, )

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The skill downloads software from the internet and installs it automatically when a DWG file is processed. That creates a software supply-chain and arbitrary code execution risk because merely opening a supported input format can cause retrieval and execution of external code on the host.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: Executing external installer and converter binaries makes the skill capable of running code outside its own process, which is a significant security boundary crossing for a data conversion tool. If those binaries are malicious, replaced, or vulnerable, the host system can be compromised through normal skill use.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger list is broad enough to match many generic 'format conversion' or 'coordinate conversion' requests, increasing the chance this skill is invoked outside a narrow, user-intended context. Because the skill can write files and invoke external tooling, overbroad routing raises the risk of unnecessary access to user data and accidental execution paths.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill explicitly describes automatic download and silent installation of ODA File Converter, which is a system-modifying action performed without a strong, up-front consent boundary. This is especially dangerous because it combines network retrieval with local execution of an external binary, creating supply-chain and arbitrary code execution exposure if the source, integrity checks, or install path are compromised.

Missing User Warnings

High

Confidence: 99% confidence
Finding: Silent installation and execution of ODA software without explicit confirmation is unsafe because users may not realize the skill is changing the host environment and running third-party code. In this skill's context, handling a DWG file should not unexpectedly trigger software installation, making the behavior more dangerous and harder to audit.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal