Back to skill

Security audit

Paper Card Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused paper-summary helper that reads parsed paper files and writes clearly named local paper-card outputs, with no hidden code or credential/network behavior found.

Install this if you want the agent to create and update paper-card files beside your parsed paper outputs. Before use, check whether paper-card.md or paper-card.json already exists in the target folder if you need to preserve an earlier version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to always create and later overwrite files in the target folder without requiring explicit user confirmation or warning about side effects. In an agent setting, unconditional writes can modify project artifacts unexpectedly, destroy prior outputs, or pollute directories the user did not intend to change.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.