Back to skill

Security audit

ResearchMonitor

Security checks across malware telemetry and agentic risk

Overview

ResearchMonitor is a coherent research-update skill that stores limited local topic and seen-item state for deduplication, with no evidence of hidden access, exfiltration, or destructive behavior.

Install if you are comfortable with the skill storing your research topics, last check date, and seen paper or URL identifiers in a local research_config.json file and using those topics in web searches. Avoid adding confidential research interests unless that local storage and search exposure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read and write local files (`research_config.json`) and to invoke helper scripts that persist state, yet no permissions are declared. This creates a trust and containment gap: users and the platform may not realize the skill has filesystem write capability, increasing the risk of unintended data modification or misuse if the skill is altered or run in a broader environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill claims only to monitor research topics, but it also performs persistent local state management by adding topics, tracking last-checked dates, and recording seen identifiers. This mismatch can mislead reviewers and users about the true data-handling behavior, which matters because persistent storage expands the privacy and integrity impact surface beyond a simple search-and-report workflow.

VirusTotal

35/35 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.