paper-summary-scripted

Security checks across malware telemetry and agentic risk

Overview

The skill openly runs a local preprocessing script for user-selected papers and arXiv PDFs, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable running a bundled Python script on selected papers. Avoid passing private or unrelated local files, and remember that downloaded PDFs, extracted text, and combined text are stored under the output directory and may be used in the configured model workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill directs the agent to execute a Python script that reads local files, writes outputs, and performs network downloads, yet the skill declares no permissions. This creates an authorization and transparency gap: a caller or platform may treat the skill as low-privilege while it can access local paper files and fetch remote content, increasing the risk of unintended data access or egress.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior promises a four-stage summarization and verification workflow, but the detected implementation only preprocesses/downloads files and combines extracted text. This mismatch is security-relevant because users and orchestrators may trust the skill to perform bounded summarization while it actually introduces file/network side effects without delivering the claimed review stages, which can conceal unexpected data handling and break downstream safety assumptions.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The template claims the output should use the user's requested language, but the fixed Chinese section headings create contradictory instructions that can cause the agent to ignore user language preferences or produce mixed-language output. This is a specification-integrity issue rather than code execution, but it can degrade reliability, confuse downstream consumers, and break workflows expecting consistent localization.

VirusTotal

67/67 vendors flagged this skill as clean.