ClawHub

paper-originality-studio

Security checks across malware telemetry and agentic risk

Overview

This is a local academic editing skill with disclosed file-processing and comparison features, but it should be used for legitimate revision rather than plagiarism or detector evasion.

Install only if you want a local helper for legitimate academic editing, audit notes, and manuscript restructuring. Do not use it to disguise plagiarism, bypass review systems, fabricate sources or data, or outsource prohibited academic work. Be careful with confidential drafts, and independently verify the included publishing/patent phone-number advertisement before contacting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises shell execution and file read/write behavior via recommended commands, but its metadata declares no permissions or user-visible capability boundaries. That mismatch can cause the agent runtime or user to invoke tooling with broader filesystem and command execution access than expected, increasing the risk of unintended file access, overwrites, or command abuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill is framed as compliant originality optimization, but the documented workflow includes similarity measurement, shared-fragment analysis, AI-style detection, and comparison tooling that can be repurposed to iteratively reduce detectable overlap. Even with policy disclaimers, these capabilities materially enable optimization against plagiarism or AI-detection signals, which is more dangerous in this context because the stated use case is rewriting academic text.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal