Semanticscholar Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Semantic Scholar research helper with disclosed API access and optional local exports, but users should be mindful of query privacy and saved result files.

Install this if you are comfortable with a Python helper sending academic search queries and paper identifiers to Semantic Scholar. If you provide an API key, use a dedicated S2_API_KEY that is not shared with other services, avoid searching confidential research topics without approval, and call the export functions only when you actually want result files saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 83% confidence
Finding
The skill includes file-writing helpers that fall outside its stated search-and-lookup scope, allowing returned data to be persisted locally. While not overtly malicious, this broadens the skill's capability: arbitrary API response content can be written to disk, which may surprise the caller and creates data-handling and overwrite risks in an agent environment.

Context-Inappropriate Capability

Medium, 86% confidence
Finding
The export_markdown and export_json functions can persist arbitrary result data to local files even though the skill is scoped to remote academic retrieval. In an agent setting, filesystem access the task does not need increases the blast radius for misuse, retention of sensitive data, and accidental overwriting of local files if the output paths can be influenced by the user or by prompt content.

Vague Triggers

Medium, 92% confidence
Finding
The README states the skill "Triggers automatically whenever the user mentions papers, citations, academic search, literature discovery," which is broad enough to activate on many ordinary academic conversations. Over-broad auto-triggering can cause unintended external API use, unnecessary data transmission, and surprising behavior when the user did not explicitly request this skill.

Missing User Warnings

Medium, 84% confidence
Finding
The skill advertises export functions that save data to files but does not warn the user before a file write occurs. Silent writes can surprise users, overwrite existing files, or persist sensitive research queries and results on disk without clear consent.
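The three export-related findings above (out-of-scope file writing, user-influenced output paths, and silent writes) share one remedy: confine writes to a known directory, refuse rather than sanitize suspicious names, never overwrite, and require explicit consent before touching disk. The following is an added illustration of that policy written for this page; it is not the Semanticscholar skill's own export_markdown/export_json code. The function signatures, the confirmed flag, the default export directory name and the sample results are assumptions made for the example.

```python
"""Hardened local export for an agent research skill (added example).

Not the Semanticscholar skill's implementation: signatures, the `confirmed`
flag, DEFAULT_EXPORT_ROOT and SAMPLE_RESULTS are assumptions for illustration.
"""
import json
import os
from pathlib import Path

# Assumption: all exports land in one directory below the working directory.
DEFAULT_EXPORT_ROOT = "s2_exports"

# Constructed sample input standing in for Semantic Scholar search results.
SAMPLE_RESULTS = [
    {"title": "Constructed sample paper A", "year": 2020},
    {"title": "Constructed sample paper B\nwith a newline", "year": 2021},
]


class ExportRefused(Exception):
    """Raised when an export would violate the skill's write policy."""


def checked_export_name(filename: str, suffix: str) -> str:
    """Reduce a caller-supplied filename to a bare name with the expected suffix.

    Directory components, traversal and absolute paths are refused rather than
    stripped, so a prompt-influenced filename cannot target ~/.ssh or /etc.
    """
    if not filename or filename in (".", "..") or Path(filename).name != filename:
        raise ExportRefused(f"filename must be a bare name, got {filename!r}")
    if filename.startswith("."):
        raise ExportRefused("hidden files are not used for exports")
    return filename if filename.endswith(suffix) else filename + suffix


def _open_new_file(export_root, name: str, confirmed: bool):
    """Open a fresh file inside export_root after consent; never clobber."""
    if not confirmed:
        raise ExportRefused("this call writes to disk; pass confirmed=True only after the user agrees")
    root = Path(export_root)
    root.mkdir(mode=0o700, exist_ok=True)
    target = root / name
    # resolve() follows symlinks: a link planted inside the export directory
    # that points elsewhere is caught here before anything is written.
    if target.resolve().parent != root.resolve():
        raise ExportRefused("export path escaped the export directory")
    try:
        # O_CREAT|O_EXCL fails if anything (file or dangling symlink) exists.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        raise ExportRefused(f"{target} already exists; choose another name") from None
    return os.fdopen(fd, "w", encoding="utf-8"), target


def export_json(results, filename: str, export_root=DEFAULT_EXPORT_ROOT,
                *, confirmed: bool = False) -> str:
    """Persist results as JSON. Returns the path written."""
    name = checked_export_name(filename, ".json")
    fh, target = _open_new_file(export_root, name, confirmed)
    with fh:
        json.dump(results, fh, indent=2)
    return str(target)


def export_markdown(results, filename: str, export_root=DEFAULT_EXPORT_ROOT,
                    *, confirmed: bool = False) -> str:
    """Persist results as a Markdown list, one item per line."""
    name = checked_export_name(filename, ".md")
    fh, target = _open_new_file(export_root, name, confirmed)
    with fh:
        fh.write("# Search results\n\n")
        for r in results:
            # Collapse whitespace so remote-supplied titles cannot inject
            # extra lines into the file an agent may later read back.
            title = " ".join(str(r.get("title", "(untitled)")).split())
            fh.write(f"- {title} ({r.get('year', 'n.d.')})\n")
    return str(target)
```

The consent flag is the hook where an agent framework would surface a warning to the user; without it, the skill should decline to write. Note that this policy only addresses where and when files are written, not what they contain: result text still comes from a remote service, and a file the agent later reads back remains a channel for prompt injection.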

Vague Triggers

Medium, 93% confidence
Finding
The skill enables implicit invocation without defining any trigger scope, exclusions, or tighter routing conditions. That makes the agent more likely to auto-select this skill for loosely related prompts, causing unintended external API calls, possible disclosure of sensitive data in queries sent to Semantic Scholar, and an expanded attack surface through overbroad tool activation.

VirusTotal

66/66 vendors reported this skill as clean. A clean antivirus verdict speaks to known malware signatures in the packaged files, not to the agentic-behavior findings listed above.