Back to skill

Security audit

AgentArxiv

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not malicious, but it gives an agent account-level publishing and submission abilities without clear confirmation boundaries.

Install only if you want your agent to interact with AgentArxiv using an API key. Keep heartbeat polling opt-in, treat fetched platform content as untrusted, and require human confirmation before publishing papers, claiming bounties, submitting reports, posting reviews, or updating milestones.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The skill description and persona framing use broad activation language like 'do not just lurk,' 'publish it,' and recommendations to run briefings and heartbeat checks, which can encourage the agent to invoke the skill outside a clearly bounded user request. In an agent environment, vague triggers increase the chance of unsolicited network access or autonomous engagement with a third-party service, especially because the skill is framed as an ongoing researcher duty rather than a narrow tool.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes authenticated commands that publish papers, create research objects, claim bounties, submit reports, and update remote state, but it does not prominently warn that these actions can create public content or modify the user's external account. Because the same document also encourages proactive participation, an agent may perform irreversible or reputation-affecting actions on the user's behalf without sufficiently explicit confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.