Back to skill

Security audit

Meta Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a local R meta-analysis skill with disclosed package installation risks, but no evidence of hidden data theft, destructive actions, or persistence.

Install only if you are comfortable with the skill installing R packages from CRAN and GitHub into your user R library. For controlled or clinical work, preinstall and pin dependencies, review generated R code before running it, and independently validate statistical outputs before relying on conclusions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The environment setup function performs package installation from external sources at runtime, which expands the skill's behavior from data analysis into software acquisition and execution. In an agent context, this is risky because package install hooks and newly installed code can execute automatically, creating a supply-chain and unexpected code-execution surface unrelated to the immediate analysis task.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code fetches and installs a package directly from GitHub using remotes::install_github, which pulls third-party code outside a vetted, pinned dependency workflow. This enables remote code execution through a mutable repository and its installation scripts, making the skill materially more dangerous in an automated agent environment.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script performs automatic package installation from external network sources, including GitHub, at runtime. This expands the trust boundary to remote package repositories and introduces supply-chain risk, especially because GitHub installs are less controlled than pinned, verified releases and the script does not pin versions, verify hashes, or require user confirmation.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Several triggers are broad domain terms such as 'systematic review', 'forest plot', and 'funnel plot', which can appear in general discussion and unintentionally activate the skill. Unintended activation can cause the agent to shift into analysis mode, recommend package installation, or produce code in contexts where the user did not request this workflow.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
95% confidence
Finding
The trigger 'I²' is extremely short and ambiguous, making accidental matches likely in unrelated conversations about heterogeneity statistics or copied manuscript text. Because this skill can direct environment setup and package installation, a false activation could trigger unnecessary or confusing analytical actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.