Plagiarism Checker

Security checks across malware telemetry and agentic risk

Overview

This is a local text-similarity pre-screener with some overstated capabilities, but no evidence of hidden data access, network transfer, persistence, or destructive behavior.

Install only if you want a lightweight local pre-screener for repeated or highly similar passages within submitted text. Do not rely on it as a full plagiarism detector against external sources, and do not assume docx support works. Use a deliberate output filename because an existing report file may be overwritten.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation indicates file read and file write capabilities, but no explicit permissions are declared. This creates a governance and sandboxing gap: operators may approve or run the skill without understanding its actual file-system access, increasing the chance of unauthorized reads, overwrites, or data leakage if implementation is broader than expected. In this context, the skill processes user documents and writes reports, so undeclared file access is materially relevant rather than purely cosmetic.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill is presented as a plagiarism/originality checker for documents, including docx support, but the documented behavior only performs local intra-document similarity analysis and explicitly cannot check external sources. This mismatch can mislead users into relying on it for academic, legal, or compliance-sensitive originality assessments, causing false assurance and potentially serious downstream harm; the claimed docx support gap also creates unsafe assumptions about accepted inputs and processing behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal