Back to skill

Security audit

Agentic Paper Digest Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate paper-digest helper, with normal setup and API-key risks users should handle carefully.

Install only if you trust the linked GitHub project and are comfortable with it downloading code, installing Python dependencies, and using an external LLM provider. Use a limited API key, keep .env private, review the downloaded code before running, and check what is using port 8000 before running the stop script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This markdown file instructs the user to bootstrap the repository and later create or modify several local files, but it does not clearly warn up front about these filesystem changes. For markdown files, SQP-2 applies when user-affecting behaviors that can impact local data or system state are described without clear disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file mentions network access and API keys, and later documents source fetching and LLM/provider configuration, but it never plainly warns that content may be transmitted to arXiv/Hugging Face endpoints and an external LLM service. For markdown files, network and privacy-impacting behavior should be disclosed when it could affect user data or privacy expectations.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This shell script creates the project directory and later populates it, updates a git checkout, creates a virtual environment, and copies an example environment file. Although there are progress messages, there is no explicit warning or confirmation before these local filesystem modifications occur.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script fetches code from GitHub via git/curl/wget/Python, then runs pip install -r requirements.txt, which can execute package installation logic from downloaded content. While status messages are printed, the script does not clearly warn the user that it will retrieve remote code and install dependencies from the network.

External Transmission

Medium
Category
Data Exfiltration
Content
echo ">> Git not available. Downloading zip to $PROJECT_DIR"
    mkdir -p "$PROJECT_DIR"
    tmp_zip="$(mktemp -t agentic_paper_digest.XXXXXX).zip"
    if command -v curl >/dev/null 2>&1; then
      curl -L "$ZIP_URL" -o "$tmp_zip"
    elif command -v wget >/dev/null 2>&1; then
      wget -O "$tmp_zip" "$ZIP_URL"
Confidence
70% confidence
Finding
curl >/dev/null 2>&1; then curl -L "$ZIP_URL" -o "$tmp_zip" elif command -v wget >/dev/null 2>&1; then wget -O "$tmp_zip" "$ZIP_URL" else "$PY_BIN" - "$ZIP_URL" "$tmp_zip" <<

Credential Access

High
Category
Privilege Escalation
Content
echo ">> Installing Python deps"
pip install -r requirements.txt

if [ ! -f ".env" ] && [ -f ".env.example" ]; then
  cp .env.example .env
  echo ">> Created .env from .env.example"
fi
Confidence
60% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
pip install -r requirements.txt

if [ ! -f ".env" ] && [ -f ".env.example" ]; then
  cp .env.example .env
  echo ">> Created .env from .env.example"
fi
Confidence
60% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
if [ ! -f ".env" ] && [ -f ".env.example" ]; then
  cp .env.example .env
  echo ">> Created .env from .env.example"
fi

echo ">> Done. Edit .env, then run scripts/run_cli.sh or scripts/run_api.sh"
Confidence
60% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.