Back to skill

Security audit

Deep Research Work From Xian.LaoJ

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because its research code can fabricate sources, content, and verification results while the skill presents itself as a real deep-research workflow.

Install only if you treat the JavaScript workflow as a demo or template, not a trustworthy research engine. For real research, require the agent to use actual web/search/fetch results with citations and avoid relying on the bundled mock verification or confidence values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to perform rigorous multi-source research, verification, and synthesis, but the finding indicates the implemented behavior fabricates searches, source content, and validation outputs. This is dangerous because users may rely on invented evidence and false confidence assessments for academic, business, or factual decisions while believing the process was actually verified.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The file presents itself as a comprehensive research workflow, but the implementation fabricates sources, content, verification, and confidence values. In a research skill, this is dangerous because downstream users or agents may rely on invented evidence as if it were real, leading to misinformation, bad decisions, or unsafe recommendations.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code claims to verify assertions against authoritative sources, but the verification function always returns a hardcoded successful result. In the context of a deep-research skill, this creates false assurance that claims were validated, which can amplify hallucinated or false conclusions and undermine trust and safety controls.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation language is broad enough to trigger on many generic research requests, which increases the chance the skill is selected in contexts where users did not specifically intend external research behavior. That can amplify the effect of any underlying flaws, including misinformation, unnecessary tool use, or collection of external content without clear user expectation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises web retrieval and persistent note/file creation without warning users that it may access external resources and store research artifacts. This can expose user queries, sensitive topics, or retrieved data to persistence and network access in ways the user did not anticipate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.