translate-manual

Security checks across malware telemetry and agentic risk

Overview

This skill is a DOCX manual translator that uses a disclosed external translation API and writes translated output files, with privacy cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending manual text to DeepLX or the configured translation service. Use a limited API key, avoid confidential or regulated documents unless third-party translation is approved, choose clear output paths, and only let it start local apps for screenshots when the project is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents use of environment-provided secrets and outbound network access, but no permissions are declared. That creates a transparency and governance gap: users and hosting platforms cannot readily see that document contents may be sent externally or that credentials may be consumed during execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior diverges from the stated purpose by introducing external translation API transmission, document/image extraction, and local content enumeration without clearly disclosing those actions, while also not implementing some promised screenshot-replacement features. This mismatch undermines informed consent and can lead users to expose sensitive document text or local files under false assumptions about what the skill actually does.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Instructing operators to run local projects or applications via package-manager commands expands the skill from document translation into arbitrary local code execution territory. In context, that is riskier because translation tasks commonly handle untrusted customer documents, while starting local apps can execute unreviewed code, expose services, or alter the host environment.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The code sends document text to a third-party translation endpoint, which is a real data exposure risk when users may expect local-only processing from the skill description. Manuals often contain proprietary, internal, or regulated content, so transmitting their contents off-host without clear disclosure and consent can violate privacy, confidentiality, or policy requirements.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README instructs users to pass API keys via command-line arguments or environment variables without any warning about exposure risks. Command-line arguments can be visible via process listings, shell history, logs, or telemetry, and environment variables may leak through crash dumps, inherited subprocesses, or misconfigured CI/CD systems; in an agent-executed skill, these risks are amplified because orchestration layers often capture execution details.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill asks for a DeepLX API key and describes sending text to an external translation service, but provides no warning about secret handling, data classification, retention, or third-party exposure. This is dangerous because manuals often contain proprietary or confidential content, and users may unknowingly transmit it off-platform along with exposing credentials.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The workflow describes modifying the DOCX and repeatedly saving intermediate outputs without warning about overwrite behavior, destination paths, backups, or image replacement side effects. That can cause accidental data loss, corruption of the original manual, or uncontrolled proliferation of derived files containing sensitive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits raw document content to an external API without warning users in usage text or comments, which creates a meaningful confidentiality and compliance risk. In the context of document localization, users may upload manuals containing sensitive internal procedures, customer data, or trade secrets, making silent exfiltration to a remote service more dangerous.

External Transmission

Medium
Category
Data Exfiltration
Content
API format:

```
POST https://api.deeplx.org/{API_KEY}/translate
Body: {"text": "原文", "target_lang": "目标语言代码"}
```
Confidence
90% confidence
Finding
https://api.deeplx.org/

VirusTotal

63/63 vendors flagged this skill as clean.