Research Review Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill’s research-review behavior mostly matches its purpose, but its dependency metadata creates a supply-chain concern that should be reviewed before installation.

Install only after correcting or removing the package.json dependency entries and auditing the actual runtime dependencies. Use explicit research-review commands to avoid accidental activation, and only enable the documented cron job if you want scheduled literature-review runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manual trigger phrases are generic natural-language requests such as '帮我做…文献综述' and '迭代我的论文背景部分', which are likely to overlap with ordinary user conversations. In an auto-loaded skill system, this can cause unintended invocation, letting the skill activate on broad academic-assistance prompts without clear user consent or disambiguation.

Known Vulnerable Dependency: beautifulsoup4==4.12.0 — 1 advisory(ies): MAL-2025-3615 (Malicious code in beautifulsoup4 (npm))

High

Category: Supply Chain
Confidence: 94% confidence
Finding: beautifulsoup4==4.12.0

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal