Back to skill

Security audit

Journal Matchmaker

Security checks across malware telemetry and agentic risk

Overview

This skill appears useful for journal matching, but its file-handling scope is broader than the stated purpose and its documentation reportedly overstates path safety.

Install only if you are comfortable with the skill reading local files you explicitly provide. Avoid letting it choose file paths from untrusted prompts, do not pass sensitive files as the abstract input, and check where it writes outputs before using it in shared or synchronized workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
When `--file` is used, the program reads any path supplied in `--abstract` with no restriction to expected input locations or file types. In an agent setting, this broad local file read capability exceeds the journal-recommendation purpose and could be abused to access sensitive local files if an attacker can influence arguments or prompts.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill states that it can write output files to the workspace, but it does not clearly warn users in the main usage flow that running it may create or modify files. That can lead to unexpected persistence of data, accidental overwrites, or exposure of sensitive manuscript content in saved outputs, especially in shared or synchronized workspaces.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.