Authorship CRediT Gen

Security checks across malware telemetry and agentic risk

Overview

The skill appears to overstate its ability to make academic authorship decisions while providing unclear or inconsistent execution guidance.

Review this skill carefully before installing. Treat its outputs as drafting or formatting assistance only unless the publisher documents and tests the actual ICMJE/CRediT evaluation logic, fixes the quick-start examples, and clearly declares any file paths it reads or writes. VirusTotal was pending and is not the basis for this verdict.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill advertises and demonstrates file-reading and file-writing behavior via scripts and exports, but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host system or reviewer may approve the skill under the assumption that it is non-invasive, while it can still access or emit local artifacts during execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The skill claims to make fairness-sensitive authorship determinations under ICMJE/CRediT guidance, but the analyzed behavior reportedly only formats user-supplied roles and does not perform the promised evaluation or dispute-resolution logic. In a research-authorship context, this is dangerous because users may rely on the tool for ethically and professionally significant decisions, leading to misleading outputs, improper credit assignment, or institutional disputes under false assurance of compliance.

Intent-Code Divergence

Medium
Confidence: 83%
Finding: The Quick Start block references classes and methods that likely do not exist or do not match the packaged entry point, which can mislead users into invoking unsupported interfaces or trusting capabilities the skill does not provide. In security terms, contradictory execution guidance increases the chance of unsafe operator workarounds, local code modification, or accidental execution of unintended modules while trying to make the examples work.

VirusTotal

60/60 vendors flagged this skill as clean.
