Paper Digest

Security checks across malware telemetry and agentic risk

Overview

Paper Digest is an instruction-only arXiv summarization skill that fetches public papers and saves local markdown summaries as disclosed.

Install only if you are comfortable with the skill fetching public arXiv pages, spawning bounded citation-summary sub-agents, and saving markdown outputs in your OpenClaw workspace. Review or clear the saved paper summaries if stale cached content could affect later digests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill writes fetched content-derived summaries into a persistent workspace path without clearly warning the user that local files will be created. Undisclosed filesystem writes can surprise users, create unwanted persistence, and enable accumulation of externally sourced content in the user's environment.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The sub-agent instruction also performs file writes to the user's workspace, but this occurs indirectly through delegated execution, making the behavior even less visible to the user. Hidden downstream writes increase the risk of unanticipated persistence and make auditing harder because multiple agents may create files autonomously.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal