hugging-face daily papers

Security checks across malware telemetry and agentic risk

Overview

This skill fetches Hugging Face Daily Papers data and writes a local results file; its use of an account token and the output file it creates are disclosed in its instructions.

Install this only if you want an agent to fetch Hugging Face Daily Papers using your Hugging Face account token. Use a read-only token, avoid putting real tokens in shared chats, screenshots, shell history, or committed files, and expect the script to create or overwrite hf_results.json in the directory where it is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill exercises sensitive capabilities (environment variable reads, network access, and local file writes) without declaring them in a permission model or warning the user. This is a transparency and consent problem: a user or orchestrator may invoke the skill expecting a simple digest, while it actually reads a credential from the environment and writes files to the local file system.
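The check behind this finding can be reproduced locally before a skill is installed. The following is an added example, not part of the SkillSpector report and not the skill's own code: it parses a Python skill script with the standard `ast` module, records the capabilities the code actually exercises (environment reads, network imports, file writes) with the line where each first appears, and diffs them against the capabilities a manifest declares. The module list, the manifest shape, and the sample script are assumptions constructed for illustration; the sample mirrors the behaviour the findings describe (reads HF_TOKEN, calls the API, writes hf_results.json) while its manifest admits only network access.

```python
"""Static capability audit for an agent skill script (added example)."""
import ast

# Assumed: top-level modules whose import implies outbound network access.
NETWORK_MODULES = {"requests", "urllib", "http", "httpx", "socket", "huggingface_hub"}
# Attribute names that read the process environment (os.environ, os.getenv).
ENV_NAMES = {"environ", "getenv"}


class CapabilityVisitor(ast.NodeVisitor):
    """Walk the AST and note the first line at which each capability is used."""

    def __init__(self):
        self.found = {}  # capability label -> first line number

    def _note(self, cap, node):
        self.found.setdefault(cap, node.lineno)

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in NETWORK_MODULES:
                self._note("network", node)
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module and node.module.split(".")[0] in NETWORK_MODULES:
            self._note("network", node)
        self.generic_visit(node)

    def visit_Attribute(self, node):
        # os.environ[...] / os.environ.get(...) / os.getenv(...) all pass here.
        if node.attr in ENV_NAMES:
            self._note("env_read", node)
        self.generic_visit(node)

    def visit_Call(self, node):
        # open(path, "w"/"a"/"x"/"r+") or open(path, mode=...) writes to disk.
        if isinstance(node.func, ast.Name) and node.func.id == "open":
            modes = []
            if len(node.args) >= 2 and isinstance(node.args[1], ast.Constant):
                modes.append(str(node.args[1].value))
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    modes.append(str(kw.value.value))
            if any(c in m for m in modes for c in "wax+"):
                self._note("file_write", node)
        self.generic_visit(node)


def observed_capabilities(source):
    """Return {capability: first_line} for everything the script actually does."""
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source))
    return visitor.found


def undeclared_capabilities(source, declared):
    """Return the observed capabilities that the manifest does not declare."""
    declared = set(declared)
    return {c: ln for c, ln in observed_capabilities(source).items() if c not in declared}


# Constructed stand-in for a fetch script with the shape the findings describe.
SAMPLE_SCRIPT = '''
import os, json
import requests

token = os.environ["HF_TOKEN"]
r = requests.get("https://huggingface.co/api/daily_papers",
                 headers={"Authorization": f"Bearer {token}"})
with open("hf_results.json", "w") as f:
    json.dump(r.json(), f)
'''

# Constructed manifest that only admits network access.
SAMPLE_MANIFEST = {"capabilities": ["network"]}

if __name__ == "__main__":
    missing = undeclared_capabilities(SAMPLE_SCRIPT, SAMPLE_MANIFEST["capabilities"])
    for cap, line in sorted(missing.items()):
        print(f"undeclared capability {cap!r} first used at line {line}")
```

Run against the constructed sample this reports `env_read` (the HF_TOKEN lookup) and `file_write` (the hf_results.json write) as undeclared, which is exactly the gap the finding describes. The analysis is deliberately syntactic: a script that reaches the environment through `subprocess` or writes through `pathlib.Path.write_text` would slip past it, so treat it as a first filter rather than a complete policy check.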

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The documented behaviour materially differs from the actual behaviour: the skill requires authenticated access via HF_TOKEN and writes local output, but does not perform the scoring and digest generation it promises. This mismatch is dangerous because it undermines informed consent and can lead users or higher-level agents to expose credentials or permit file and network actions under false assumptions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding: The script requires a Hugging Face token for a capability described as fetching public daily papers, which expands the privilege footprint without a clear need. In an agent or skill context, forcing users to supply credentials where none should be needed increases the risk of secret exposure and asks for unnecessary trust in the skill.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The instructions tell users to run a script that writes hf_results.json to the working directory but do not clearly warn about this side effect. The write target is limited and predictable, but the lack of disclosure can still lead to accidental file creation, repository pollution, or confusion in automated environments.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger phrases are broad and overlap with common user requests such as 'daily paper' or '论文精选' ("paper picks"), which can cause the skill to activate outside the user's intended context. In an agent environment, over-broad activation can lead to unintended external API calls, unnecessary data processing, and surprising behaviour, especially when the skill requires credentials and fetches network content.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill instructs users to create and export an HF_TOKEN but gives no guidance on least-privilege use, secure storage, redaction, or the risk of exposing the token in shell history, logs, screenshots, or shared environments. Because the skill depends on a live credential for API access, weak credential-handling guidance increases the chance of accidental token leakage and subsequent unauthorized API use.
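The two Missing User Warnings findings (the undisclosed hf_results.json write and the absent credential-handling guidance) point at the same operational fix: run the script under controls the user sets rather than trusting its instructions. The following is an added example, not the skill's code and not part of the SkillSpector report. It reads the token from a file that must be mode 0600 (so it never appears in shell history or an exported environment), passes the child process only HF_TOKEN and PATH (so other secrets in the parent environment cannot be harvested), runs it in a scratch directory (so a repository is not polluted), records which files it created, and redacts the token from captured output before anything is logged. The script body is a constructed stand-in that behaves the way the findings describe; a real run would point `run_isolated` at the skill's own script path.

```python
"""Run an untrusted fetch script with a minimal environment and an isolated
working directory, then report what it wrote with the token redacted (added example)."""
import os
import stat
import subprocess
import sys
import tempfile
from pathlib import Path

REDACTED = "<HF_TOKEN redacted>"


def read_token_file(path):
    """Load the token from a file, refusing files readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {oct(mode)}; expected 0600")
    return Path(path).read_text().strip()


def redact(text, secret):
    """Replace every occurrence of the secret before the text reaches a log."""
    return text.replace(secret, REDACTED) if secret else text


def run_isolated(script_path, token, timeout=60):
    """Execute script_path in a fresh directory with a minimal environment.

    Returns (redacted combined output, set of file names the script created).
    """
    with tempfile.TemporaryDirectory() as workdir:
        # Only the credential the script needs and a PATH; nothing else leaks in.
        env = {"HF_TOKEN": token, "PATH": os.environ.get("PATH", "/usr/bin:/bin")}
        proc = subprocess.run(
            [sys.executable, str(script_path)],
            cwd=workdir, env=env, capture_output=True, text=True, timeout=timeout,
        )
        created = {p.name for p in Path(workdir).iterdir()}
        return redact(proc.stdout + proc.stderr, token), created


# Constructed stand-in for the fetch script: it reads the token, looks for other
# secrets in its environment, and writes hf_results.json in the working directory.
SAMPLE_SCRIPT = '''
import os, json
token = os.environ["HF_TOKEN"]
print("using token", token)
print("other secrets visible:", [k for k in os.environ if "KEY" in k or "SECRET" in k])
with open("hf_results.json", "w") as f:
    json.dump({"papers": []}, f)
'''


def demo():
    """Set up a constructed token file and parent secret, then run the sample isolated."""
    os.environ["AWS_SECRET_ACCESS_KEY"] = "should-not-leak"  # constructed parent secret
    with tempfile.TemporaryDirectory() as d:
        token_path = Path(d) / "hf_token"
        token_path.write_text("hf_constructed_example_token\n")
        token_path.chmod(0o600)
        script = Path(d) / "fetch.py"
        script.write_text(SAMPLE_SCRIPT)
        token = read_token_file(token_path)
        return run_isolated(script, token)


if __name__ == "__main__":
    output, files = demo()
    print(output)
    print("files created:", sorted(files))
```

The captured output shows the token replaced by the redaction marker, an empty list of other secrets visible to the child, and hf_results.json as the only file created. The permission check is the part most often skipped: a token file that is world-readable defeats the point of keeping it out of the shell, so the wrapper refuses to proceed rather than warn.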

VirusTotal

65/65 vendors flagged this skill as clean.
