Word to MD
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it says: convert Word documents to Markdown through the MinerU CLI/API, with ordinary third-party package and document privacy risks.
Before installing, verify that you trust the mineru-open-api npm package and the MinerU service. Avoid processing confidential Word documents unless you are comfortable sending them to that service, and keep any MinerU API token private.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.