Security audit

Aibrary Book Search

Security checks across malware telemetry and agentic risk

Overview

This is a simple book-recommendation skill that only gives reading suggestions and does not request installs, credentials, files, or privileged access.

Safe to install for book discovery. Treat its recommendations as suggestions and verify details like editions, publication years, and current relevance before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill description includes broad activation language such as 'any book discovery intent,' which can cause the agent to invoke this skill for loosely related requests. Over-broad triggers are dangerous because they can misroute user queries, preempt more appropriate skills, and increase the chance of unintended data handling or incorrect actions, even though this particular skill appears read-only and low risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal