citation-finder

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised citation lookup, with the main caution that paper search terms are sent to external academic services.

Use this for normal citation lookup. Avoid entering confidential or unpublished research titles unless you are comfortable sending those search terms to the listed external services, and install the Python dependencies in a controlled environment if dependency provenance matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill explicitly describes network-driven behavior (CrossRef, Semantic Scholar, Baidu Scholar, CNKI, plus web scraping) but does not declare corresponding permissions. That mismatch weakens platform trust and review controls, because users and administrators are not clearly informed that external requests and scraping will occur. In this context the networking is central to the feature, so the issue is not malicious by itself, but it is still a real security/governance problem.

Vague Triggers

Medium
Confidence: 76%
Finding:
The trigger conditions include broad terms like 'reference', 'cite', and generic paper-finding phrases that may activate on ordinary academic or writing requests outside the intended scope. Overbroad activation can cause unintended routing of user prompts to a network-enabled skill, increasing unnecessary data exposure to external services and reducing user control. The citation-focused context makes this less dangerous than in a high-risk skill, but it remains a genuine scope-control weakness.

VirusTotal

66/66 vendors flagged this skill as clean.
