Security audit

Paper Reader Deep

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PDF paper-reading helper that creates local Markdown reports and has disclosed, purpose-aligned side effects.

Install only if you are comfortable letting it read the PDF directory you provide, create Markdown reports in that same directory, record reading activity locally, and query CrossRef for DOI metadata. Avoid using it on confidential or unpublished papers unless those side effects are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The README explicitly states that running the skill will generate report files directly inside the user-provided PDF directory, but it does not warn users that the tool modifies their filesystem. This is a real transparency and safety issue because users may assume analysis is read-only and inadvertently overwrite, clutter, or alter important working directories.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The README indicates use of the CrossRef API for DOI metadata lookup but does not disclose that metadata derived from local documents may be transmitted over the network. This is a genuine privacy and data-handling concern, especially for unpublished, sensitive, or proprietary papers where even identifiers or titles could reveal confidential research activity.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is broad enough to activate on ordinary requests related to reading papers or generating reports, which can cause the skill to run unexpectedly. In context, this matters because the skill performs file processing and writes output files, so accidental activation may lead to unintended filesystem changes and user confusion.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill states that it saves generated reports in the same directory as the source PDFs but does not clearly warn the user beforehand. This is dangerous because it can modify user directories unexpectedly, create clutter or overwrite assumptions about directory contents, and may expose derived content in locations the user did not intend.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill records reading activity to MEMORY.md without clearly warning the user. Even if it does not store full report contents, logging that a document was read can still reveal sensitive research topics, project interests, or file-handling behavior, making the undocumented persistence a privacy concern.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.