Word OCR

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Word OCR skill that uses MinerU’s external CLI/API, with privacy considerations but no hidden or malicious behavior evident.

Install only if you trust MinerU and the mineru-open-api package. Avoid processing confidential, regulated, client, or personal documents unless you are comfortable with possible external OCR processing, and protect any MinerU token used for advanced extraction.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly relies on the MinerU API and CLI, but the description and workflow do not clearly warn users that document contents may be transmitted to a third-party service for processing. Because Word files often contain sensitive business or personal data, this omission can cause unintended disclosure and privacy/compliance issues when users invoke the skill without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal