Office Oxide MCP Server
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed local Office/PDF document-processing MCP setup, with no scanner evidence of malware, but users should verify the package source before installing.
Before installing, verify that the Cargo package and GitHub source are the ones you intend to trust. Use it only on documents you are comfortable letting an MCP server read or modify, and prefer output copies when filling PDFs or propagating edits.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.