Google Scholar Paper Finder

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed academic paper-search helper that relies on an external Google Scholar MCP server and local venue-scoring data, with no hidden persistence or credential behavior found.

Install this only if you have or trust the Google Scholar MCP server you will connect it to, because research queries and retrieval results flow through that external tool. Treat the generated rankings as literature triage, not authoritative citation validation, since venue metrics may be incomplete or outdated.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The skill promises real-time Google Scholar retrieval, query expansion, citation chaining, and MCP-backed evidence, but the actual behavior described by static analysis depends on preexisting local candidate files and does not implement the claimed retrieval path. This can mislead users into trusting fabricated or stale literature-search results, causing integrity failures in academic or research workflows and potentially encouraging unsafe downstream decisions based on unsupported evidence.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal