journal-monitor-xch

Security checks across malware telemetry and agentic risk

Overview

This skill is a PubMed journal-monitoring helper with a disclosed but somewhat user-surprising behavior of saving large reports to the Desktop.

Safe to install if you are comfortable with it querying PubMed and creating report files. On shared machines or for sensitive research topics, ask the agent to preview results first and save only to a location and filename you choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to write a full report directly to the user's Desktop once a threshold is met, without requiring explicit user confirmation at the time of file creation. Unprompted local file writes can surprise users, leak sensitive research data onto shared machines, and normalize unsafe agent behavior around filesystem modification.

VirusTotal

67/67 vendors flagged this skill as clean.
