Paperzilla

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only skill for using the Paperzilla CLI, with expected account access and feed-token handling risks that users should manage carefully.

Install only if you trust the Paperzilla CLI source. Log in only to the intended account, ask the agent to confirm before running `pz feedback` commands, and treat any `pz feed ... --atom` URL like a password because anyone with it may be able to read that project feed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly says that `--atom` returns a personal feed URL, but it does not warn that this URL may embed a bearer-style secret or otherwise grant access to private feed contents if logged, pasted into chat, committed to files, or shared with third parties. In an agent context, this is more dangerous because agents often echo command output, store transcripts, and pass values into downstream tools, increasing the chance that a sensitive feed URL is exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal