Thesis Format Check (论文格式检查)

Security checks across malware telemetry and agentic risk

Overview

This skill locally checks Word thesis formatting and writes user-requested reports; the flagged document-editing code is part of a disclosed auto-formatting path, not evidence of hidden or unsafe behavior.

Install only if you are comfortable giving the skill access to the thesis and template DOCX files you choose. Use the documented check/report commands for read-oriented review, and keep backups before using any auto-formatting or repair workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The function mutates the input DOCX by assigning built-in heading styles and clearing manual bold formatting, which exceeds a read-only 'check/compare/report' capability. In a skill advertised as a format checker, this creates an integrity risk: user documents can be altered unexpectedly, and downstream processing may rely on these modified styles as if they were original content.

VirusTotal

65/65 vendors flagged this skill as clean.
