Security audit

Hf Papers

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public HuggingFace paper listings, optionally translates the abstracts through the translation service you configure, and writes a local Markdown report.

Install only if you are comfortable sending public paper abstracts to the translation provider you configure. Use a dedicated low-privilege API key, verify that DEEPLX_URL and OPENAI_BASE_URL point at the provider you intend before running (the DeepLX token is embedded in DEEPLX_URL itself, so treat that URL as a secret), and pass --no-translate when you want to avoid third-party translation calls altogether.
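One way to do the "verify DEEPLX_URL and OPENAI_BASE_URL before running" step is a small preflight script that reads the skill's .env and refuses to proceed unless the endpoint is HTTPS, its host is on an allowlist you maintain, and no README placeholder is still standing in for a real credential. The following is an added example, not code from the Hf Papers skill or its README; it assumes the .env keys the README documents (TRANSLATE_BACKEND, DEEPLX_URL, OPENAI_BASE_URL, OPENAI_API_KEY), seeds the allowlist only with the hosts the README itself lists, and uses constructed sample .env contents.

```python
"""Preflight check for the translation settings before running the skill.

This is an added example, not code from the Hf Papers skill or its README.
It assumes the .env keys the README documents (TRANSLATE_BACKEND, DEEPLX_URL,
OPENAI_BASE_URL, OPENAI_API_KEY) and an operator-maintained host allowlist;
the hosts seeded below are only the ones the README lists, not an endorsement.
"""
from urllib.parse import urlparse

# Hosts named in the README, keyed by backend. Edit to match your own policy.
KNOWN_HOSTS = {
    "deeplx": {"api.deeplx.org"},
    "openai": {
        "api.openai.com",
        "api.siliconflow.cn",
        "api.deepseek.com",
        "dashscope.aliyuncs.com",
    },
}

# Values that mean "the operator never set a real credential".
PLACEHOLDER_KEYS = {"", "sk-your-key-here"}
PLACEHOLDER_PATH_TOKENS = ("your-token", "你的token")


def parse_env(text: str) -> dict:
    """Minimal .env parser: KEY=value or KEY="value"; skips blanks and comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def check_translation_config(env: dict, allowlist=KNOWN_HOSTS) -> list:
    """Return a list of problems with the configured translation endpoint.

    An empty list means: HTTPS, a host on the allowlist, and no README
    placeholder left in place of a real credential.
    """
    problems = []
    backend = env.get("TRANSLATE_BACKEND", "").lower()
    if backend == "deeplx":
        url_key, key_name = "DEEPLX_URL", None
    elif backend == "openai":
        url_key, key_name = "OPENAI_BASE_URL", "OPENAI_API_KEY"
    else:
        return [f"unknown or missing TRANSLATE_BACKEND: {backend!r}"]

    parsed = urlparse(env.get(url_key, ""))
    if parsed.scheme != "https":
        problems.append(f"{url_key} must use https, got {parsed.scheme!r}")
    host = parsed.hostname or ""
    if host not in allowlist.get(backend, set()):
        problems.append(f"{url_key} host {host!r} is not on the allowlist")
    # DeepLX carries its token in the URL path, so the URL is itself a secret
    # and a leftover placeholder means no real token was ever configured.
    if backend == "deeplx" and any(t in parsed.path for t in PLACEHOLDER_PATH_TOKENS):
        problems.append("DEEPLX_URL still contains the README placeholder token")
    if key_name and env.get(key_name, "") in PLACEHOLDER_KEYS:
        problems.append(f"{key_name} is empty or still the README placeholder")
    return problems


# Constructed sample .env contents for the demo (not taken from any real install).
SAMPLE_README_DEFAULT = """
TRANSLATE_BACKEND="openai"
OPENAI_BASE_URL="https://api.openai.com/v1"
OPENAI_API_KEY="sk-your-key-here"
OPENAI_MODEL="gpt-4o-mini"
"""

SAMPLE_REDIRECTED = """
# Same keys, but the base URL was pointed at an unknown plaintext endpoint.
TRANSLATE_BACKEND="openai"
OPENAI_BASE_URL="http://collector.example.net/v1"
OPENAI_API_KEY="sk-live-abc123"
"""

if __name__ == "__main__":
    for label, text in (("readme default", SAMPLE_README_DEFAULT),
                        ("redirected", SAMPLE_REDIRECTED)):
        problems = check_translation_config(parse_env(text))
        print(f"{label}: {'OK' if not problems else problems}")
```

Run it against the skill's real .env before the first invocation, and again whenever the file changes: because the base URL is user-configurable, a single edited line is enough to redirect every abstract to an endpoint you never reviewed, and nothing in the skill itself will tell you.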

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Severity
Medium
Confidence
81%
Finding
The skill's stated purpose is paper retrieval and translation, but it is wired to a general OpenAI-compatible chat completions endpoint whose base URL is user-configurable. That broadens the trust boundary and capability surface beyond what the task needs, increasing the risk of unintended data disclosure, prompt-influenced behavior (a chat model acting on instructions embedded in the text it is asked to translate), or misuse through arbitrary compatible endpoints.

Missing User Warnings

Severity
Medium
Confidence
90%
Finding
The README instructs users to send full paper abstracts to third-party translation services, including fallback providers, but does not disclose the external data transfer or associated privacy implications. Even if papers are public, user queries, selected content, usage patterns, and potentially future non-public inputs could be transmitted off-platform without informed consent.

Vague Triggers

Severity
Medium
Confidence
77%
Finding
The integration guidance suggests broad trigger phrases like asking for recent or popular papers, which can overlap with normal conversation and cause the skill to run unexpectedly. In agent environments that execute tools automatically, this can trigger network access, third-party API calls, and file writes without sufficiently specific user intent.

Natural-Language Policy Violations

Severity
Medium
Confidence
73%
Finding
The README presents Chinese translation as the default behavior and does not foreground a user language choice before processing. In an agent setting, this can lead to automatic transformation and external transmission of content that the user may have preferred to keep in the original language or not send to translation services at all.

Vague Triggers

Severity
Medium
Confidence
87%
Finding
The trigger phrases are broad enough to match common research-related requests, which can cause the skill to activate unexpectedly when a user did not ask for HuggingFace scraping, translation, or file creation. In this context, overbroad activation increases the chance of unnecessary network calls and unintended transmission of content to external translation backends.

Natural-Language Policy Violations

Severity
Medium
Confidence
83%
Finding
Defaulting to Chinese translation without explicit user opt-in means paper abstracts are sent to a translation backend by default unless the user knows to disable it. While not inherently malicious, this can violate user expectations around language preference and data handling, especially when third-party APIs are involved.

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
**DeepLX (default):**
```env
TRANSLATE_BACKEND="deeplx"
DEEPLX_URL="https://api.deeplx.org/your-token/translate"
```

**OpenAI-compatible LLM (OpenAI, SiliconFlow, DeepSeek, etc.):**
Confidence
88%
Finding
https://api.deeplx.org/

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
**OpenAI-compatible LLM (OpenAI, SiliconFlow, DeepSeek, etc.):**
```env
TRANSLATE_BACKEND="openai"
OPENAI_BASE_URL="https://api.openai.com/v1"
OPENAI_API_KEY="sk-your-key-here"
OPENAI_MODEL="gpt-4o-mini"
```
Confidence
90%
Finding
https://api.openai.com/

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
| Provider | BASE_URL | Recommended model |
|--------|----------|----------|
| OpenAI | `https://api.openai.com/v1` | `gpt-4o-mini` |
| SiliconFlow | `https://api.siliconflow.cn/v1` | `Qwen/Qwen2.5-7B-Instruct` |
| DeepSeek | `https://api.deepseek.com/v1` | `deepseek-chat` |
| Qwen (Tongyi Qianwen) | `https://dashscope.aliyuncs.com/compatible-mode/v1` | `qwen-turbo` |
Confidence
85%
Finding
https://api.openai.com/

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
| Provider | BASE_URL | Recommended model |
|--------|----------|----------|
| OpenAI | `https://api.openai.com/v1` | `gpt-4o-mini` |
| SiliconFlow | `https://api.siliconflow.cn/v1` | `Qwen/Qwen2.5-7B-Instruct` |
| DeepSeek | `https://api.deepseek.com/v1` | `deepseek-chat` |
| Qwen (Tongyi Qianwen) | `https://dashscope.aliyuncs.com/compatible-mode/v1` | `qwen-turbo` |
Confidence
84%
Finding
https://api.siliconflow.cn/

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
| Provider | BASE_URL | Recommended model |
|--------|----------|----------|
| OpenAI | `https://api.openai.com/v1` | `gpt-4o-mini` |
| SiliconFlow | `https://api.siliconflow.cn/v1` | `Qwen/Qwen2.5-7B-Instruct` |
| DeepSeek | `https://api.deepseek.com/v1` | `deepseek-chat` |
| Qwen (Tongyi Qianwen) | `https://dashscope.aliyuncs.com/compatible-mode/v1` | `qwen-turbo` |

## Agent Integration
Confidence
84%
Finding
https://api.deepseek.com/

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus verdict means no engine matched the skill's files against known malware; it says nothing about the data-flow and agentic concerns listed above, which are design properties of the skill rather than malicious code.