文档格式校正 (Document Format Correction)

Security checks across malware telemetry and agentic risk

Overview

This document-formatting skill runs locally and does not exfiltrate data, but it overpromises: it claims that text is never changed, while its scripts can alter whitespace and blank-paragraph structure.

Install only if you are comfortable with whitespace and blank-line normalization. Use it on copies of important documents, review or diff the output before relying on it, and avoid treating it as strictly text-preserving for contracts, evidence, compliance files, code-like Markdown, or templates where spacing matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 82%
Finding: The skill instructs the agent to read and write user files by invoking local scripts, but it does not declare any corresponding permissions. That creates a capability/permission mismatch where file system access may occur without explicit user or platform visibility, increasing the risk of unintended document access or overwrite. In a document-editing skill, this is especially relevant because the normal workflow inherently touches potentially sensitive files.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 97%
Finding: The skill promises 'only formatting, never changing text,' but the described behavior and referenced scripts can delete trailing spaces/tabs, collapse blank lines, rewrite list indentation, and add newlines. This is a true integrity issue because users may trust the tool for no-content-change workflows such as legal, academic, or official documents, yet the output can silently alter meaningful text structure or semantics. The mismatch is more dangerous in this context because the skill markets itself as strictly preserving content.

Description-Behavior Mismatch (High)

Confidence: 98%
Finding: The script claims to preserve document text exactly, but it directly rewrites run.text in remove_trailing_spaces() and deletes paragraphs in remove_empty_paragraphs(). In a formatting-only skill, this creates a semantic integrity risk: legal, academic, or compliance documents can be altered despite the user's explicit expectation that content will remain unchanged.

Intent-Code Divergence (High)

Confidence: 96%
Finding: The top-level documentation states the tool performs only formatting changes and does not modify any text, but the implementation does modify textual content and remove blank paragraphs. This mismatch is dangerous because downstream agents or users may trust the safety contract and run the tool on sensitive documents where even whitespace or paragraph changes are material.

VirusTotal

66/66 vendors flagged this skill as clean.
