Back to skill

Security audit

ScholarGraph-CancerFusionGenesResearch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed research workflow that searches public literature, downloads papers, and creates local reports, with no evidence of hidden or destructive behavior.

Install only if you intend to use ScholarGraph with external AI/search providers. Use scoped API keys, review the unpinned xlsx dependency before installing, and adjust or confirm the output directories so generated reports are written where you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
80% confidence
Finding
The script writes an output file to a hard-coded absolute path under /root without user confirmation or configurability. In an agent/runtime context, this can cause unintended file creation or overwrite, leak sensitive workflow structure, and violate least-surprise expectations about where artifacts are stored.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.