Back to skill

Security audit

Read Microsoft Word documents (.docx and .doc) with Chinese support

Security checks across malware telemetry and agentic risk

Overview

This is a local Word-document reader/exporter with disclosed, user-directed file access and no evidence of hidden network, credential, persistence, or destructive behavior.

Before installing, confirm you are comfortable letting the agent read the Word files you choose and write extracted text to the output path you provide. For stricter environments, pin dependency versions and update the skill metadata to declare optional file-write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Scope Creep

Medium
Confidence
94% confidence
Finding
The metadata declares only the "file-read" capability, but the skill description explicitly states it can "save as UTF-8 text files," which is a file-write operation. This creates a capability mismatch that can mislead users or policy engines into granting a skill more effective access than advertised, weakening permission-based security controls and auditability.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=0.8.11
olefile>=0.46
Confidence
93% confidence
Finding
python-docx>=0.8.11

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=0.8.11
olefile>=0.46
Confidence
88% confidence
Finding
olefile>=0.46

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.