Back to skill

Security audit

Academic Research Hub

Security checks across malware telemetry and agentic risk

Overview

This is a normal academic paper search and download helper, with disclosed network use and user-directed file saving.

Install in a virtual environment, keep dependencies updated, and direct downloads or exports to a dedicated project folder. Be aware that search queries are sent to external academic services, and that some documented features such as Google Scholar, --citations, --full-text, or --include-references may not work in this script version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documents commands that perform network access to academic APIs and file writes for saved results and downloaded PDFs, but it declares no corresponding permissions. This creates a transparency and policy-enforcement gap: an agent may invoke data-transmitting or file-writing behavior without the platform being able to gate or surface those capabilities appropriately.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is very broad and covers generic research-related requests, making it likely the skill will activate in contexts beyond narrow academic paper retrieval. Overbroad activation increases the chance that user queries and derived content are unnecessarily routed to external services or file-writing workflows when a simpler, non-tool response would suffice.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Academic Research Hub - Python Dependencies

# arXiv search
arxiv>=2.0.0

# Semantic Scholar search
semanticscholar>=0.8.0
Confidence
93% confidence
Finding
arxiv>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
arxiv>=2.0.0

# Semantic Scholar search
semanticscholar>=0.8.0

# PubMed search (via BioPython)
biopython>=1.81
Confidence
93% confidence
Finding
semanticscholar>=0.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
semanticscholar>=0.8.0

# PubMed search (via BioPython)
biopython>=1.81

# HTTP requests
requests>=2.31.0
Confidence
96% confidence
Finding
biopython>=1.81

Unpinned Dependencies

Low
Category
Supply Chain
Content
biopython>=1.81

# HTTP requests
requests>=2.31.0

# Optional: For enhanced parsing
beautifulsoup4>=4.12.0
Confidence
96% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0

# Optional: For enhanced parsing
beautifulsoup4>=4.12.0
lxml>=4.9.0
Confidence
92% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Optional: For enhanced parsing
beautifulsoup4>=4.12.0
lxml>=4.9.0
Confidence
97% confidence
Finding
lxml>=4.9.0

Known Vulnerable Dependency: biopython==1.81 — 2 advisory(ies): CVE-2025-68463 (Biopython is vulnerable to doctype XML external entity (XXE) injection through B); CVE-2025-68463 (Biopython is vulnerable to doctype XML external entity (XXE) injection through B)

Medium
Category
Supply Chain
Confidence
95% confidence
Finding
biopython==1.81

Known Vulnerable Dependency: requests==2.31.0 — 5 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +2 more

Medium
Category
Supply Chain
Confidence
95% confidence
Finding
requests==2.31.0

Known Vulnerable Dependency: lxml==4.9.0 — 4 advisory(ies): CVE-2026-41066 (lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to); CVE-2022-2309 (lxml NULL Pointer Dereference allows attackers to cause a denial of service); CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service (or appli) +1 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
lxml==4.9.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.