academic-paper-citation

Security checks across malware telemetry and agentic risk

Overview

This skill is a local academic document tool, but it uses hard-coded paths, overwrites thesis files, injects canned thesis content, and runs generated JavaScript from document text.

Install only if you are comfortable with scripts that modify academic drafts and create persistent outputs. Before running, inspect and change the hard-coded /Users/openclaw2026/.qclaw/workspace paths, keep backups, avoid using it on confidential manuscripts, and review any generated or expanded text for authorship, institutional-header, and academic-integrity issues.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The script’s primary behavior is to artificially inflate thesis length by inserting a large hardcoded appendix, which is materially different from the declared citation/reference automation purpose. In an academic-writing skill, this is dangerous because it can mislead users into producing deceptive or policy-violating content under the guise of benign document processing.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script directly modifies a hard-coded thesis file by appending large unrelated content, which is inconsistent with the stated citation-management purpose of the skill. In this skill context, that makes the behavior more dangerous because users would reasonably expect citation formatting or bibliography handling, not silent alteration of manuscript substance; this can corrupt academic work and mislead users about what the tool does.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The code injects substantial prewritten thesis content into the user's paper, which is not justified by citation automation and materially changes authorship-relevant content. In an academic-writing skill, this is especially risky because it can facilitate undisclosed ghostwriting, plagiarism, or policy violations while altering the user's document without provenance or traceability.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script unconditionally injects a hard-coded header identifying the output as a Wuhan University master's thesis, even though the skill description is for general academic citation/format handling. This can misrepresent authorship or institutional affiliation in generated documents, creating integrity and fraud risks in an academic-writing context where document provenance matters.

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: The tool writes a JavaScript file containing transformed document content and immediately executes it with Node.js. Because Markdown-derived text is interpolated into JavaScript string literals with only quote escaping, crafted content containing backslashes, newlines, or JS-significant sequences can break out of the intended string context and turn document input into executed code.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger description is very broad, covering general topics like citations, references, Word/Markdown conversion, and expanding paper length, which can cause the skill to activate in situations the user did not intend. In a skill that can modify files and run scripts, over-broad activation increases the risk of accidental execution on sensitive academic documents.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill describes automatic expansion of paper content and format conversion, but it does not clearly warn that it will alter document contents and generate new output files. This is dangerous because users may assume advisory behavior while the skill actually performs destructive or integrity-affecting changes to important academic work.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script hard-codes the output Markdown path to a specific absolute location, so running it can overwrite an existing file without user confirmation. In a document-processing skill that handles academic drafts, this creates a real integrity and privacy risk because converted thesis content may be written into an unintended workspace file or clobber prior work.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The script overwrites the target file in place without warning, confirmation, backup, or atomic-write safeguards. In the context of a thesis-processing skill, this is more dangerous because users may lose original work or unknowingly persist unauthorized inserted content, with limited ability to recover prior versions.

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The script reads a manuscript and references from fixed workspace paths and writes derived outputs containing citation contexts and reference details to disk without any notice, consent gate, minimization, or sensitivity warning. In an academic-writing skill, manuscript drafts can contain unpublished research, personal data, or confidential material, so silently persisting extracted content increases the risk of unintended disclosure to other tools, users, backups, or shared workspace access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal