Back to skill

Security audit

Literature Review Polisher

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised literature-review polishing, but it embeds a live-looking Kimi API key and sends pasted drafts to Moonshot/Kimi with weak privacy disclosure.

Install only if you are comfortable sending pasted text to Moonshot/Kimi and saving polished output in the current folder. Do not paste confidential, unpublished, regulated, or student-identifying material unless that external processing is acceptable. The embedded API key should be considered exposed and replaced with an environment variable or other user-controlled secret before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script automatically saves model output to a local file without obtaining explicit user consent or clearly disclosing that persistence will occur. Literature reviews often contain unpublished research, student work, or sensitive academic content, so unexpected local storage can create confidentiality and data-handling risks on shared or managed systems.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill sends user-provided literature review content to a third-party API, which is a material data-flow not disclosed by the stated purpose. This is dangerous because users may paste unpublished manuscripts, proprietary research, or personal data, and that content leaves the local environment for external processing.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill automatically saves polished content to a local file without explicit user opt-in. Because literature reviews may contain unpublished research, student work, or sensitive academic material, this creates an avoidable confidentiality and data-handling risk, especially on shared systems.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A live API key is hardcoded directly in the script, which is a serious secret-exposure issue. Anyone with access to the code can reuse the credential, incur costs, access associated service data, or abuse the external account.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad enough to invite use on many kinds of text without stating clear activation boundaries, allowed inputs, or safety constraints. In agent environments, overly general scopes can cause accidental invocation in unintended contexts, increasing the chance of processing sensitive, proprietary, or policy-restricted material.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The overview markets the skill as general literature-review polishing assistance but does not define when it should or should not activate. That ambiguity can lead an orchestrating agent to route broad writing requests here, potentially exposing unpublished research, personal data, or other sensitive content to external processing components such as Kimi AI.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits user text off-system without an explicit warning at the point of collection or prior confirmation. In the context of academic writing assistance, users may reasonably expect local processing, making silent exfiltration of their draft content a significant privacy and confidentiality issue.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The script writes polished output to disk automatically without prior warning or confirmation. While less severe than external transmission, this can still expose sensitive academic content to other local users, backups, sync services, or unintended retention on shared machines.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits user-provided literature review content to a third-party API without clear notice or consent. In this context, users may submit unpublished manuscripts, thesis drafts, or proprietary research text, so undisclosed external transmission meaningfully increases privacy and confidentiality risk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script writes processed output to disk automatically without prior confirmation. Although local file output is less severe than secret leakage or remote exfiltration, it can expose sensitive academic content to other local users, backups, or synced folders without the user's awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.