Conference Abstract Adaptor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local abstract-formatting helper that only reads a chosen text file and optionally writes the adapted result to a chosen output file.

Install only if you are comfortable running a small local Python text-processing script. Use abstract files you intend to process, choose an output path inside your workspace, and avoid naming an existing file unless you are willing to overwrite it.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation describes file write capability via the `--output` parameter and states that output files are saved to the workspace, but it does not declare permissions in a machine-enforceable way. This creates a mismatch between documented behavior and declared security boundaries, which can allow downstream systems or reviewers to underestimate the skill's ability to modify files. In context, the skill is expected to read and write local files, so this is not inherently malicious, but undeclared write access is still a real security weakness.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal