Books For Agents

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not malicious, but it connects an agent to an external service and allows direct publishing to a shared book-summary knowledge base without clear confirmation or rollback guidance.

Install only if you trust booksforagents.com with search queries and submitted summaries. Configure your agent to ask before using suggest_book or submit_book, and review generated content before publishing because it may become persistent or shared externally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to connect to an external MCP server over HTTPS but never discloses that search queries, book lookups, and related prompts will be transmitted to a third-party service. This creates a real privacy and data-governance risk because agents may send sensitive user inputs or internal context off-platform without informed consent.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill describes `submit_book` as a publishing action but does not clearly warn that invoking it can directly write user-provided content into a public or shared knowledge base. Without an explicit caution, an agent may publish unreviewed, sensitive, copyrighted, or malicious content, causing integrity, compliance, and reputational harm.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal