Back to skill

Security audit

Journal Meta

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent paper-metadata purpose, but it automatically searches broad local directories and executes discovered helper scripts without strong provenance checks.

Install only if you are comfortable with paper identifiers or titles being sent to OpenAlex/Crossref and with the skill running locally discovered journal helper scripts. In sensitive environments, avoid setting helper CLI environment variables unless the paths are trusted, consider using --no-if and --no-abbrev, and do not use private or unpublished paper titles unless outbound lookup is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _call_cli(path, args, timeout=40):
    try:
        p = subprocess.run([sys.executable, path, *args, "--format", "json"],
                           capture_output=True, text=True, timeout=timeout)
    except (subprocess.TimeoutExpired, OSError):
        return None
Confidence
90% confidence
Finding
p = subprocess.run([sys.executable, path, *args, "--format", "json"], capture_output=True, text=True, timeout=timeout)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill recursively searches multiple local directories, including user home plugin/skill paths, to locate helper scripts and then executes the first matching file. This broad filesystem discovery greatly expands the trust boundary: a malicious local file named jabbrv.py or journal_if.py can be planted and executed even though basic paper metadata lookup does not require arbitrary local code discovery.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README states that identifiers are resolved through OpenAlex and Crossref and documents optional mailto-based configuration, but it does not clearly warn users that their supplied DOI/PMID/title queries and optional email address may be transmitted to third-party services. This is primarily a privacy/transparency issue rather than code execution, but it can expose user research interests or personal contact information without explicit notice.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
User-supplied queries are sent to external services, and the code may append a mailto email address from environment variables to requests, without any user-facing notice or consent mechanism. This can leak sensitive paper titles, identifiers, or internal research topics to third parties, which is especially relevant in agent workflows handling private data.

External Transmission

Medium
Category
Data Exfiltration
Content
# --------------------------------------------------------------------------- #
def openalex_fetch(id_type, value):
    """Return an OpenAlex work dict, or raise MetaError."""
    base = "https://api.openalex.org/works"
    try:
        if id_type == "doi":
            return _get_json("%s/https://doi.org/%s" % (base, urllib.parse.quote(value, safe="/")))
Confidence
90% confidence
Finding
https://api.openalex.org/

External Transmission

Medium
Category
Data Exfiltration
Content
# --------------------------------------------------------------------------- #
def crossref_fetch(doi):
    try:
        msg = _get_json("https://api.crossref.org/works/%s" % urllib.parse.quote(doi, safe="/"))["message"]
    except urllib.error.HTTPError as e:
        if e.code == 404:
            raise MetaError("not_found", "No paper matched DOI: %r" % doi, exit_code=3)
Confidence
88% confidence
Finding
https://api.crossref.org/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.