Doc Handler - 文档处理

Security checks across malware telemetry and agentic risk

Overview

This is a simple local document-reading skill with some rough documentation, but no evidence of hidden exfiltration, persistence, or destructive behavior.

Install only if you are comfortable letting the agent read the specific Word, PDF, or Excel files you provide. Avoid sensitive documents unless disclosure to the agent is intended, install the Python dependencies from trusted sources, and treat the advertised write/edit feature as unsupported in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The read_when triggers are broad generic phrases like '读取文档' and '编辑文档', which can cause the skill to activate in contexts where the user did not intend file access or modification. In an agent environment, overscoped invocation conditions increase the chance of unintended document reads, writes, or parsing of sensitive local files.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises document-writing capability but does not warn that executing the write command can modify user files on disk. In a tool-using agent, omission of modification warnings and safety checks can lead to accidental overwrites, data loss, or unauthorized changes to important documents when the agent infers intent incorrectly.

VirusTotal

66/66 vendors flagged this skill as clean.
