newpaper

Security checks across malware telemetry and agentic risk

Overview

Review before installing: this poster-generation skill is purpose-aligned, but it automatically downloads and runs external code while storing API credentials locally.

Install only if you are comfortable running external Paper2Poster code. Use a disposable directory or container, review or pin the repository before execution, confirm before cloning/installing/running, use a dedicated low-limit API key, keep .env out of version control, and avoid confidential or unpublished papers unless you trust the configured API and search providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill directs the agent to clone and execute code from a remote GitHub repository as part of normal operation, which expands behavior far beyond simple document conversion. This creates a supply-chain and arbitrary code execution risk because the repository contents can change over time and are not pinned, reviewed, or sandboxed before execution.

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The skill performs environment creation, package installation, uninstall, and downgrade operations on the host system, which is broader than the advertised task and can alter or destabilize the user's environment. These steps also increase the attack surface by allowing unreviewed packages and version changes to run with the agent's privileges.

Missing User Warnings

Medium (91% confidence)
Finding
The README documents automatic web-based logo search using DuckDuckGo or Google Custom Search, but it does not warn users that institution names, conference venues, or other metadata derived from the paper may be transmitted to third-party services. In a paper-processing skill, that omission creates a real privacy and data-governance risk because users may unknowingly disclose unpublished affiliations or submission metadata during generation.

Vague Triggers

Medium (81% confidence)
Finding
The trigger phrases are broad enough to match ordinary requests about making posters, increasing the chance that the skill activates unexpectedly. In this skill, accidental activation is more dangerous because activation leads to repository cloning, package installation, credential collection, and code execution.

Missing User Warnings

Medium (94% confidence)
Finding
Cloning into the current directory with `git clone ... .` modifies the user's working directory directly and can overwrite, mix with, or confuse existing files without an explicit warning. Because the destination is not isolated, the skill can unintentionally affect unrelated local content and make later command execution ambiguous or unsafe.

Missing User Warnings

High (98% confidence)
Finding
The skill requests API credentials and persists them in a `.env` file without clear handling safeguards, increasing the risk of credential leakage through filesystem exposure, later commits, logs, or reuse by other processes. The danger is elevated because the same skill also clones and runs external code that may read local environment files.

VirusTotal

64/64 vendors flagged this skill as clean.
