paper-innov-compare

Security checks across malware telemetry and agentic risk

Overview

The skill mainly performs paper comparison, but it also instructs the agent to log failures and propose changes to its own instructions; that self-modifying behaviour needs review before installation.

Install only if you are comfortable with the skill writing progress, extracted text, and report files into your paper folder. Remove or ignore the self-evolution section before use, and require confirmation before package installs, file writes, or any PR that changes the skill’s own SKILL.md. VirusTotal and static scan were clean, so this is a Review concern rather than evidence of malware.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The self-evolution section instructs the agent to append to diary files and submit PRs modifying its own SKILL.md after each run. This introduces persistent self-modification and repository-changing behavior unrelated to paper comparison, creating a path for unauthorized changes, prompt drift, and supply-chain-style abuse if adversarial paper content influences those updates.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The documented purpose is paper analysis and report generation, but the skill also directs post-run repository maintenance and self-editing. Expanding behavior beyond the stated task increases attack surface and makes it easier for unrelated input to trigger persistent changes to operational artifacts.

Missing User Warnings

Severity: Low
Confidence: 93%
Finding
The README states that the skill will write `summ.md`, `paper_summ_state.json`, and `extracted_text/` directly into the user's paper folder, but it does not prominently warn that invoking the skill modifies that directory. In an agent setting, implicit file writes can surprise users, overwrite existing artifacts, or create clutter in valuable research directories, especially if the folder path was inferred rather than explicitly confirmed.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly says to execute Bash commands and Python scripts directly without user confirmation, while also writing JSON and DOCX files and potentially installing dependencies. Automatic command execution and file writes without consent are dangerous because they remove an important safety checkpoint and can alter the user's environment or data unexpectedly.
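The four findings above reduce to two checks a reviewer can run before installing the skill: scan SKILL.md for instructions that self-modify, install packages, or execute without confirmation, and check whether the declared outputs (`summ.md`, `paper_summ_state.json`, `extracted_text/`) would overwrite files already in the target paper folder. The script below is an added example of such a pre-install triage; it is not SkillSpector's code nor part of the skill, the regexes and the sample SKILL.md text are constructed for illustration, and the `demo_paper_dir` helper builds a throwaway folder so it runs offline.

```python
"""Pre-install triage for an agent skill (example code, not the scanner's own).

Two checks drawn from the findings above:
  1. scan_skill: flag instruction lines that self-modify SKILL.md, append to
     diary files, install packages, or execute without user confirmation.
  2. write_collisions: list declared output paths that already exist in the
     paper folder and would be silently overwritten.
"""
import re
import tempfile
from pathlib import Path

# Constructed patterns mirroring the reviewed behaviours; names are this
# example's own, not SkillSpector's vulnerability-pattern taxonomy.
RISK_PATTERNS = {
    "self_modification": re.compile(
        r"\b(?:PR|pull request|commit|append|update)s?\b[^.\n]*\bSKILL\.md\b", re.I),
    "diary_append": re.compile(r"\bappend\b[^.\n]*\bdiary\b", re.I),
    "package_install": re.compile(r"\b(?:pip|npm|uv|conda)\s+(?:install|add)\b", re.I),
    "unconfirmed_execution": re.compile(
        r"without (?:user )?(?:confirmation|asking)", re.I),
}

# Output names quoted from the README in the "Missing User Warnings" finding.
DECLARED_OUTPUTS = ["summ.md", "paper_summ_state.json", "extracted_text/"]

# Constructed SKILL.md excerpt reproducing the reviewed instruction types.
SAMPLE_SKILL_MD = """\
# paper-innov-compare
Compare the innovation claims of the papers in the given folder.
Write summ.md and paper_summ_state.json into the paper folder.
Run the bash commands and python scripts directly without user confirmation.
If pdftotext is missing, pip install pdfminer.six.
## Self-evolution
After each run, append a diary entry under diary/ and submit a PR that updates this SKILL.md.
"""


def scan_skill(text: str) -> dict[str, list[str]]:
    """Return {pattern_name: ["<lineno>: <line>", ...]} for every risky line."""
    hits: dict[str, list[str]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RISK_PATTERNS.items():
            if rx.search(line):
                hits.setdefault(name, []).append(f"{lineno}: {line.strip()}")
    return hits


def write_collisions(paper_dir: Path, outputs=DECLARED_OUTPUTS) -> list[str]:
    """Return the declared outputs that already exist under paper_dir."""
    return [o for o in outputs if (paper_dir / o.rstrip("/")).exists()]


def triage(text: str, paper_dir: Path) -> tuple[str, dict, list]:
    """Combine both checks; anything flagged means a human must confirm first."""
    hits = scan_skill(text)
    collisions = write_collisions(paper_dir)
    verdict = "REVIEW" if hits or collisions else "OK"
    return verdict, hits, collisions


def demo_paper_dir(with_existing: bool = True) -> Path:
    """Constructed paper folder; optionally pre-populated with an old summ.md
    and an extracted_text/ directory to show the overwrite check firing."""
    d = Path(tempfile.mkdtemp(prefix="papers_"))
    if with_existing:
        (d / "summ.md").write_text("previous run's report\n")
        (d / "extracted_text").mkdir()
    return d


if __name__ == "__main__":
    verdict, hits, collisions = triage(SAMPLE_SKILL_MD, demo_paper_dir())
    print("verdict:", verdict)
    for name, lines in hits.items():
        print(f"  {name}:")
        for ln in lines:
            print("    ", ln)
    print("  would overwrite:", collisions)
```

Anything returning `REVIEW` should be gated on an explicit confirmation prompt in the agent harness, which is the checkpoint the last finding says the skill removes; the regexes are deliberately broad, so treat a hit as a reason to read the matched line, not as proof of malice.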

VirusTotal

65/65 vendors flagged this skill as clean.
