arxiv-to-beamer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it extracts downloaded paper archives unsafely and sends untrusted paper content into a slide-generating model.

Review before installing. Use dedicated OpenRouter and MinerU API keys, run it only on papers you trust, and harden archive extraction before regular use so downloaded tar entries cannot write outside the temporary working folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill performs network access, reads environment variables, and writes files/zips, but does not declare any permissions. That creates a transparency and policy-enforcement gap: users or hosts cannot easily assess that the skill will contact external services (OpenRouter, MinerU, arXiv), consume secrets from env vars, and write artifacts to disk before invocation.

Ssd 4

Medium
Confidence
93% confidence
Finding
The skill injects untrusted arXiv source or MinerU-derived markdown directly into the LLM prompt as high-trust context with no delimiting or instruction-hierarchy hardening beyond simple banners. A malicious paper can include prompt-injection text in LaTeX comments, body text, or parsed PDF content that steers the model to ignore formatting requirements, emit unsafe LaTeX, leak embedded data from the source, or generate attacker-chosen output files.

VirusTotal

57/57 vendors flagged this skill as clean.
