Back to skill

Security audit

📄 全能文档管家

Security checks across malware telemetry and agentic risk

Overview

This document-processing skill is purpose-aligned and contains no executable code or hidden behavior, though users should be careful with sensitive documents.

Before installing, confirm the package identity because the displayed install command and registry slug differ. Avoid uploading confidential, regulated, or secret documents unless you are comfortable having the agent process them, and review generated conversions or contract summaries manually before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly supports document upload, text extraction, URL summarization, and contract analysis, all of which commonly involve sensitive personal, legal, or corporate data. Without a privacy warning, retention/processing notice, or guidance against submitting secrets, users may unknowingly expose confidential information to the skill or downstream services.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The description invites users to upload 'any document' and emphasizes automatic extraction and summarization without clearly constraining supported file types, sensitivity levels, or processing boundaries. In a document-processing skill, overly broad upload scope can lead users to submit sensitive files they should not, increasing privacy, data-handling, and accidental over-collection risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.