Back to skill

Security audit

docx

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent DOCX tool, but it needs review because its unpack helper can unsafely extract crafted Office files and its setup suggests system-wide installs.

Install only if you are comfortable running DOCX tooling that can edit local files and may ask for system package installs. Use it on copies of important documents, avoid opening untrusted Office files with its unpack script until archive path validation is fixed, and approve any sudo or global package install only in an isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description ends with a broad catch-all trigger such as 'or any other document tasks,' which can cause the skill to activate for loosely related requests. Overbroad invocation increases the chance that shell, file, and document-processing instructions are applied in contexts the user did not specifically intend, raising misuse and overreach risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script extracts a user-supplied Office file with zipfile.extractall() directly into the chosen output directory without validating archive member paths. A malicious ZIP/OOXML file can contain path traversal entries or symlinks that cause files to be written outside the intended directory, leading to arbitrary file overwrite in the context of the user running the tool. In this skill context, handling untrusted .docx/.pptx/.xlsx files makes the issue more dangerous because document-processing tools commonly receive attacker-controlled inputs.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.