Research Report Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a local report generator, but it needs review because it can persist report metadata and instructs delivery through Telegram without a clear opt-in.

Install only if you are comfortable with local report, log, and memory files being created. Use lite mode by default, choose a dedicated workspace, avoid pointing project-path at broad sensitive directories, and do not allow Telegram or other external delivery unless you explicitly want the report contents shared there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill's stated purpose focuses on research and report generation, but the documentation also describes persistent memory appends and log creation. Undisclosed persistence expands data handling beyond user expectations and can retain sensitive project content, prompts, paths, or metadata without clear consent or retention limits.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Sending generated PDFs via Telegram introduces an external data egress channel unrelated to the core local report-generation function. Reports may contain proprietary code analysis, unpublished research, or sensitive project details, so automatic transmission to a messaging service materially increases confidentiality risk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill documentation does not clearly warn users that it writes files to the workspace and appends to memory logs. While file output is expected for report generation, undocumented persistent writes can still surprise users and cause unintended storage of sensitive content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Full mode includes environment setup, dependency installation, and experiment execution, which materially changes the risk profile from passive analysis to active code execution. If a user points the skill at an untrusted project, this can execute malicious setup scripts or dependencies and affect the host environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation mentions sending output via Telegram without a corresponding privacy warning or consent mechanism. Because research reports can embed sensitive analysis and internal project details, silent transmission to a third-party service creates significant data leakage risk.

Ssd 3

Medium
Confidence
90% confidence
Finding
Persistent research logs and appended memory entries can capture user prompts, local file paths, project contents, and derived analysis over time. Without minimization, scoping, or retention controls, this creates an avoidable accumulation of potentially sensitive information that may later be exposed or misused.

VirusTotal

64/64 vendors flagged this skill as clean.
