ManualExpert

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the stated manual translation and Word export work without hidden network access, credential use, persistence, or destructive behavior.

Before installing, confirm that Chinese-to-English manual translation and local Word export are what you want. Use it only with manuals you are comfortable processing in your agent environment, install python-docx from a trusted package source if required, and choose output paths carefully to avoid overwriting files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill hard-codes English as the translation target in its core bilingual output rules, which can override or ignore the user's requested target language. This is dangerous because it can cause silent task deviation, incorrect deliverables, and potential disclosure or mishandling of sensitive document content in an unintended language workflow.

VirusTotal

66/66 vendors flagged this skill as clean.
