Literature Review

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward literature-search helper that queries named academic databases and does not show hidden data access, persistence, or destructive behavior.

Use this for non-confidential literature searches. Search queries, optional API keys, and an optional email identifier may be sent to the named academic providers, so avoid using sensitive unpublished research terms unless that sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill clearly describes use of environment variables and multiple external academic APIs, which implies access to env and network capabilities, yet no declared permissions are present. This creates a transparency and governance problem: a host system or reviewer may underestimate what the skill can access, and network-enabled skills can expose user queries or metadata to third parties if not explicitly authorized.

VirusTotal

67/67 vendors flagged this skill as clean.
