Academic Literature Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed academic search tool, with the main caution that optional saved results can write to a caller-chosen file path.

Install only if you are comfortable sending search terms to academic database APIs. Use your own API keys or a non-sensitive Crossref email, avoid sensitive queries if that matters, and enable save_results only with an output path you intentionally chose.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill exposes arbitrary local file write via user-controlled output_file when save_results is enabled. Because the path is not restricted to a safe workspace directory, a caller can overwrite or create files anywhere the process has permission, which is unrelated to the core literature-search function and can be abused for persistence, config tampering, or destructive overwrites.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal