Security audit

easypaper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent EasyPaper usage guide with expected setup and privacy cautions, not evidence of hidden or malicious behavior.

Install it in an isolated Python environment, review the EasyPaper package and linked repository before use, and confirm whether typesetting runs locally or through an HTTP endpoint you control before processing confidential research.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly notes that PDF compilation may fall back to an HTTP Typesetter endpoint via `AGENTSYS_SELF_URL`, but it does not warn users that paper metadata and generated content may be transmitted off-process or off-host. Because this skill handles academic drafts, references, and possibly unpublished research, the omission can lead to unintended disclosure of sensitive data when users assume generation is fully local.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal