Google SERP Scholar Author API
Security checks across malware telemetry and agentic risk
Overview
The available scan evidence is clean and there is no artifact-backed indication of unsafe behavior.
This review found no concrete reason to block installation. Because the target artifact files were not directly available in the workspace for full manual inspection, users should still review the skill's displayed permissions, required credentials, and any network destinations before installing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.