Paperzilla Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Paperzilla research-brief helper that uses an existing authenticated CLI and optional Telegram delivery, with limited disclosed state for recurring briefs.

Before installing, confirm that `pz` is the official Paperzilla CLI, that you intentionally authenticated it, and that Telegram/OpenClaw delivery points to the right destination. For recurring briefs, expect the agent to retain paper IDs it has already included so it can avoid repeats; ask the host or publisher how to inspect or clear that history if that matters for your project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The skill is presented as a monitoring/discussion workflow, but it also exposes mutation commands (`pz feedback ...`) that can alter recommendation state. This mismatch can cause users or downstream agents to invoke state-changing actions under the assumption the skill is read-only, leading to unintended preference manipulation or workflow side effects.

Intent-Code Divergence

Medium (96% confidence)
Finding
The security model says the skill is primarily read/triage, yet later sections require persistent writes such as feedback updates and storage of per-project brief history. This inconsistency weakens operator trust boundaries and can cause agents to persist or modify data without users understanding that the skill is not purely observational.

Missing User Warnings

Medium (91% confidence)
Finding
The skill requires maintaining persistent per-project history of proposed paper IDs, but it gives no user-facing disclosure about where this data is stored, how long it is retained, or who can access it. Hidden persistence can create privacy and compliance issues, especially when project names or recommendation histories reveal sensitive research interests or internal priorities.

VirusTotal

66/66 vendors flagged this skill as clean.
