Graphical Abstract Wizard

Security checks across malware telemetry and agentic risk

Overview

This is a local academic abstract helper with ordinary user-directed file input and output risks, not evidence of hidden or malicious behavior.

Install and run this as a local CLI. Use stdin or clearly intended abstract files, avoid passing confidential unpublished research unless local processing is acceptable, and choose a fresh output filename because -o can overwrite an existing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documents file read/write behavior and local script execution, but it does not declare corresponding permissions or enforce clear boundaries on what paths may be accessed. In an agent ecosystem, missing permission declarations can cause users or orchestrators to underestimate the skill's filesystem reach, increasing the risk of unintended file access or overwrite if the implementation is permissive.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill accepts `--abstract` as either raw text or a filesystem path, which gives it local file read capability beyond its stated purpose. It also accepts `--output` and writes to an arbitrary path, enabling file creation or overwrite; while this is typical CLI behavior, it expands the skill's access surface and could expose sensitive local files or modify user data if invoked by a higher-privilege agent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code attempts to open whatever string is passed to `--abstract` as a local path before treating it as literal text. In an agent setting, that means untrusted input can trigger reads of local files unrelated to graphical abstract generation, potentially leaking secrets or private data through the analysis output.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Writing formatted output to any user-supplied path allows arbitrary file creation or overwrite. In a standalone CLI this may be expected, but in an agent or plugin context it is broader than the declared purpose and can be abused to clobber application files, shell profiles, or other sensitive paths.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that OpenAI API use is optional for enhanced analysis, but it does not clearly warn users that submitted abstracts may be transmitted to an external service. Academic abstracts can contain unpublished, confidential, or embargoed research content, so silent external transmission creates a meaningful data exposure and consent risk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The file write uses plain write mode without warning or confirmation, so an existing file at the chosen path will be silently overwritten. This is primarily an integrity and usability issue, but in automated environments it can still cause data loss or destructive side effects.

VirusTotal

66/66 vendors flagged this skill as clean.