Pptx Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PowerPoint OCR helper for MinerU, with the main caution that presentations may be processed by an external service.

Before installing, treat this as a remote-service OCR workflow: do not process confidential presentations unless MinerU/OpenDataLab's privacy, retention, and compliance terms are acceptable for your use. Use a minimally scoped token if available, test with non-sensitive files first, and install only the declared mineru-open-api package/source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly supports sending a PPTX by URL and requires a MinerU token, which strongly implies document contents may be processed by an external service, yet it provides no privacy or data-handling warning. Users may unknowingly submit sensitive presentations, screenshots, or scanned documents to a third party, creating confidentiality and compliance risk.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal