Hfpclawer Paper Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent research-paper workflow guide, with local file writes that are expected for downloading and organizing papers.

Install in a dedicated project or virtual environment, review config.yaml before running the full pipeline, and use --dry-run or step-by-step commands first if you want to avoid unexpected downloads, disk usage, or writes into raw/papers/ via --to-wiki.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill explicitly instructs users to run commands that create configuration files, download PDFs, generate Markdown output, and optionally sync content into a wiki directory, but it does not clearly warn that these actions will write and modify local files. In a research-oriented skill this is expected behavior, but the lack of an upfront warning can still cause unintended filesystem changes, especially when using all-in-one commands like `full --to-wiki`.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal