Back to skill

Security audit

Daily Paper Digest

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward daily AI paper digest that fetches public paper listings and formats them for chat output.

Reasonable to install for a daily AI paper digest. Before enabling it, confirm you want the daily 9:00 scheduled run, that outbound access to arXiv and HuggingFace is acceptable, and that any chat channel receiving the digest is an appropriate place to post public paper titles, summaries, authors, and links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions even though the documentation clearly describes file reads from local configuration and outbound network access to arXiv and HuggingFace. Undeclared capabilities reduce transparency and can mislead users or hosting platforms about what the skill will access, which matters because it also mentions pushing content to external chat applications.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "最新论文" is broad enough to match ordinary conversation, which can cause accidental invocation of network-fetching behavior. In chat-integrated environments, ambiguous triggers increase the chance of unintended external requests or message posting without clear user intent.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The phrase "今日论文" lacks clear scope and can overlap with normal user requests, especially in Chinese-language chat contexts where it reads like a natural query rather than an explicit command. This makes unintended activation more likely and is more concerning because the skill performs network retrieval and may forward results to external chat applications.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation states that content may be pushed to chat applications but does not prominently warn users that externally fetched data will leave the local skill context and be posted to third-party platforms. This is a transparency and consent issue that can lead to unintended data sharing or surprise outbound communications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.