Security audit

Pharmaclaw Literature Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a public literature-search tool; the main caution is that broad trigger phrases could send ambiguous research queries to public APIs.

Install only if you are comfortable sending literature search terms to public research APIs. Avoid confidential compound names, proprietary targets, or unpublished research strategy terms, and verify medical or scientific conclusions against the cited source papers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 96%
Finding:
The trigger list includes very broad natural-language phrases such as 'research on', 'studies about', 'recent papers', and 'state of the art', which can match many ordinary user requests outside the intended scoped workflow. This can cause the skill to activate unexpectedly, leading to overbroad data access, unintended chaining behavior, or hijacking of user intent from more appropriate agents.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.