superdocx

Security checks across malware telemetry and agentic risk

Overview

This is a Word/DOCX handling guide with no executable code; the main issue is a garbled, non-actionable phrase in its description.

Reasonable to install if you want help with Word/DOCX workflows. Review outputs before replacing originals or sharing documents, especially files with tracked changes, comments, fields, legal/business content, or macros. The publisher should clean up the odd phrase in the description, but it does not by itself indicate malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill description includes clearly garbled and unrelated text ('ncaa staff e ο om reputation...'), which makes the activation criteria ambiguous and weakens reliable interpretation of when the skill should be used. In an agent setting, malformed routing metadata can cause incorrect skill selection, reduce operator trust, or create opportunities to hide adversarial instructions in ostensibly descriptive fields.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal