ZeeLin Academic Paper

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Chinese STEM paper-writing helper with no executable code or hidden data-transfer behavior found.

Install from ClawHub or another verified source, grant only the file access needed for templates and drafts, and do not treat the privacy promises as a guarantee about the broader AI platform or host runtime. Generated academic content should be reviewed for accuracy, citations, originality, and any simulated data before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The skill makes strong privacy and deployment assurances such as fully local processing, no external API calls, and no data leakage risk, but a markdown skill file cannot technically enforce or verify those runtime properties. This can mislead users into sharing sensitive research content under false assumptions, creating privacy and confidentiality risk if the hosting agent or surrounding platform does transmit data externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal