Back to skill

Security audit

Paper review pro

Security checks across malware telemetry and agentic risk

Overview

This looks like a real paper-review tool, but it handles research data and local gateway credentials with under-disclosed network behavior.

Install only if you are comfortable with research queries, paper titles, authors, abstracts, DOI/arXiv identifiers, and saved local reports being processed by the configured services. Use --no-llm and --no-use-api for a more local workflow, and verify OPENCLAW_GATEWAY_URL before allowing the skill to use any OpenClaw gateway token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs use of capabilities including network access, local file read/write, and likely environment access, but the manifest shown in SKILL.md does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a user or platform may treat the skill as lower risk than it really is, while the described scripts can still access external services, local paths under ~/.openclaw, and configuration or credentials.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs users to send paper titles, abstracts, and user queries to external LLM services, but it does not clearly warn that this transfers potentially sensitive research data outside the local environment. In a paper-review workflow, unpublished abstracts, proprietary search topics, or confidential research directions may be exposed to third-party providers or local gateway services with separate logging and retention policies.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The module transmits the user's query and portions of paper abstracts to third-party LLM services without any explicit consent gate, warning, or data-classification check. In a research workflow, queries and unpublished or licensed abstract text can be sensitive, so silent transmission can create privacy, compliance, and confidentiality exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When `use_api=True`, the code sends DOI or arXiv-derived identifiers to Semantic Scholar over the network without any built-in consent prompt, disclosure notice, redaction, or policy gate. Even though the transmitted data is not highly sensitive in all cases, paper metadata, identifiers, and access patterns can reveal a user's research interests or unpublished work context, so this is a real privacy and data-governance issue in a paper-review skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The summarizer transmits paper title, authors, and abstract to external LLM services by default, but the CLI and function contract do not provide a clear user-facing disclosure or consent step. This creates a privacy and data-governance risk, especially when processing unpublished, proprietary, or sensitive research content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.