Paper Impact Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent paper-analysis skill that contacts public research APIs, but its current script weakens HTTPS verification and should not be used for confidential research queries.

Reasonable to install for public academic paper checks. Do not use it for confidential, embargoed, or sensitive research interests unless you are comfortable sending the arXiv ID and related metadata to arXiv, GitHub, OpenAlex, and Semantic Scholar. Treat the results as advisory because the current script disables HTTPS verification, making network tampering possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares only Bash/Read/Write tools, but its documented behavior and required implementation clearly depend on outbound network access to arXiv, GitHub, OpenAlex, and Semantic Scholar. This creates a permissions mismatch: a reviewer or execution environment may believe the skill is local-only while it actually performs external requests, which can bypass expected trust boundaries, leak user queries, and violate least-privilege assumptions.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code globally disables TLS certificate validation and hostname verification, then reuses that insecure SSL context for all HTTPS requests. This allows man-in-the-middle interception or tampering of responses from GitHub, OpenAlex, and Semantic Scholar, so the tool can be fed falsified metadata or malicious content while appearing to use HTTPS.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The script globally disables TLS certificate validation and hostname checking, so every HTTPS request to GitHub, OpenAlex, and Semantic Scholar becomes vulnerable to man-in-the-middle interception or response tampering. In this skill, untrusted network responses directly influence analysis output, so an attacker on the network path could falsify repo metrics, citation counts, or metadata and potentially harvest queried data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends user-supplied arXiv IDs, derived paper metadata, and first-author names to multiple third-party services without explicit notice or consent at runtime. While this is part of the feature design, it creates a privacy and data-governance risk because users may not expect their research interests or queried authors to be disclosed to external APIs.

VirusTotal

65/65 vendors flagged this skill as clean.
