Citation Chasing Mapping

Security checks across malware telemetry and agentic risk

Overview

This is a coherent citation-network research helper with expected API lookups and local output files, not evidence of hidden or harmful behavior.

Install if you want a research tool that can run local Python, query Semantic Scholar, and write graph output files. Choose explicit output paths to avoid overwriting existing files, and avoid sending confidential unpublished research topics or private identifiers to third-party APIs unless that is acceptable for your workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The examples write multiple local files such as network exports and visualizations without warning that existing files may be created or overwritten. In an agent setting, this can cause unintended modification of the user's workspace or loss of local data, especially when the model follows examples mechanically.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill summary is very broad and does not clearly constrain when the skill should be invoked, which can cause over-triggering in loosely related research tasks. In an agent setting, ambiguous activation increases the chance the skill is used on unintended inputs, potentially expanding exposure to prompt injection or causing unnecessary external data access and misleading outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal