Back to skill

Security audit

Academic Research Conflict

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent academic search and literature-review skill, with expected external API use and local caching that users should know about.

Install only if you are comfortable sending research topics, author names, and DOIs to external academic APIs. Avoid confidential research queries, review the publisher/provenance mismatch before relying on it, and clear /tmp/litreview_cache if cached paper metadata should not remain locally available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation advertises commands that read and write local files and make outbound network requests, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke the skill without realizing it can access the filesystem, write outputs/cache data, and contact external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented behavior says the skill uses OpenAlex, but the packaged behavior also relies on Unpaywall and includes an undefined wrapper/interface component. Undisclosed external dependencies and an incomplete or mismatched interface make security review, consent, and runtime control harder, and can lead to unexpected data flows or execution paths.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger language is broad enough to match generic research or reference-gathering requests, which can cause unintended activation of a network-enabled skill. In context this is not code execution, but it can still expose user queries to external APIs or cause the agent to take actions the user did not specifically request.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation omits a clear warning that commands send queries to third-party services and may retrieve full text from external sources. Without this notice, users may unknowingly disclose sensitive research topics or cause downloads from untrusted or unexpected endpoints, especially when following examples directly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.