Back to skill

Security audit

AI Conference Deadline Radar

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent conference-deadline lookup helper that fetches public deadline indexes and asks agents to verify official sources before making submission decisions.

Before installing, be aware that the skill may run a local Python helper during relevant conference-deadline questions, fetch public deadline index pages, and store a temporary cache file. Use it for deadline planning only, and rely on its own guidance to verify decision-critical dates against official CFP, OpenReview, or submission pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute a local Python helper that performs network access and uses a temp cache, but the skill metadata does not declare corresponding permissions. This creates a capability/consent mismatch: an installer or host may treat the skill as low-risk while it can read environment context, access files, write cache files, and fetch remote content during use.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill enables implicit invocation while advertising a broad, natural-language purpose ('answer which AI conference deadlines matter') without tight trigger constraints. That can cause the agent to invoke this skill in loosely related planning or research contexts, leading to unintended tool use, over-collection of user context, or routing decisions based on an unnecessary external lookup path.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.