Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Journal Club Presenter
Security checks across malware telemetry and agentic risk
Overview
This is a local journal-club outline generator with disclosed file output and no evidence of hidden network, credential, persistence, or destructive behavior.
Safe to install for creating local journal-club slide outlines. Use an output path inside your workspace and avoid naming important existing files, because the script can overwrite the user-supplied output file. Review the generated academic content for accuracy before presenting it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Vague Triggers
Medium
- Confidence
- 92% confidence
- Finding
- The 'When to Use' section expands activation from the specific journal-club presenter purpose to general 'academic writing tasks,' which is much broader and overlaps with many unrelated requests. The file does not provide exclusion examples or clear boundaries for which academic-writing tasks are in scope versus out of scope.
VirusTotal
65/65 vendors flagged this skill as clean.