HTML to HTML

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MinerU HTML-cleanup helper that requires user-chosen inputs and a MinerU token, with no hidden code or automatic behavior found.

Install only if you intend to use MinerU for HTML cleanup. Do not process confidential, regulated, or proprietary pages or local HTML exports unless MinerU's data handling is acceptable for your use case, and handle MINERU_TOKEN like a secret.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill encourages users to submit remote URLs and local HTML files to a third-party MinerU service and notes that a token is required, but it does not clearly warn users that the referenced content is transmitted off-host for processing. This can mislead users into sending sensitive internal pages, scraped content, or local HTML exports to an external service without informed consent, creating confidentiality and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal