Back to skill

Security audit

Hugging Face Papers

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a paper lookup guide, but it also documents authenticated actions that can change Hugging Face paper/account metadata without clear user-confirmation safeguards.

Install only if you are comfortable with the agent seeing instructions for Hugging Face account-affecting paper actions. Treat the read-only lookup commands as the normal use case, and do not provide an HF token or allow POST requests unless you specifically intend to claim authorship, index a paper, or update paper links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is presented as a read-only paper lookup and analysis tool, but the documentation also exposes authenticated state-changing endpoints such as claiming authorship, indexing papers, and updating links. That capability expansion creates a mismatch between declared purpose and actual available actions, increasing the chance an agent could perform unintended account or content modifications if it has access to a Hugging Face token.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Authenticated modification endpoints are unjustified in a skill whose stated function is reading and analyzing papers. Including claim, index, and link-update operations unnecessarily broadens the attack surface and could let prompt injection, user confusion, or agent misuse trigger real changes to Hugging Face resources tied to the operator's account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation provides authenticated write operations but gives no warning, consent flow, or confirmation requirement before performing them. In an agent setting, that omission is dangerous because a model may infer these actions are acceptable and execute state-changing requests without the user's informed approval.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.