Word to HTML

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Word-to-HTML converter that uses the disclosed MinerU CLI/API, with normal privacy and token-handling cautions for a cloud document service.

Before installing, verify the mineru-open-api package and publisher, avoid sending confidential Word documents unless MinerU is approved for that data, and handle API tokens as secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs users to process Word documents via the MinerU API/CLI but does not disclose that document contents may be transmitted to a third-party service. This is dangerous because users may submit sensitive documents under the assumption the conversion is local, causing unintended data exposure or compliance violations.

Missing User Warnings

Low
Confidence: 86%
Finding
The skill tells users to authenticate with a token but does not explain that credentials may be stored by the CLI or environment and should be handled as secrets. This can lead to token leakage through shell history, shared environments, or insecure local storage practices.

VirusTotal

64/64 vendors flagged this skill as clean.
