Back to skill

Security audit

Research Mentor Distiller

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent research-tooling package that gathers public academic evidence and creates mentor skill packages, with no artifact-backed sign of deception, exfiltration, or automatic installation.

Install only if you want an agent to collect public academic metadata/PDFs and generate mentor-style research skill packages. Review the target output folder before running scripts, avoid the insecure SSL flag unless you understand the risk, and check generated mentor packages before installing them because their template may allow implicit invocation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to use local scripts, read and write files, access environment variables for API keys, and perform network collection, yet it declares no permissions or equivalent capability boundaries. This creates a mismatch between expected behavior and declared access, which can lead to over-privileged execution, opaque data access, or unintended external requests without clear user awareness or policy enforcement.

Natural-Language Policy Violations

Low
Confidence
80% confidence
Finding
The instruction to default to Chinese for Chinese users changes output behavior based on inferred user attributes rather than explicit user choice. While not a severe security issue, it can override user preference, create consent and UX problems, and in some environments may be treated as an unsafe personalization rule.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The template's description says to use the skill whenever a user wants broad forms of research mentorship, critique, topic selection, and writing feedback, which creates an expansive activation surface. In combination with a mentor/persona-emulation skill, this can cause unintended invocation in ambiguous contexts and lead the agent to steer outputs through a fabricated scholar-specific lens without the user explicitly requesting that persona.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The `allow_implicit_invocation: true` setting permits the skill to activate without explicit user selection, but the template provides no tight trigger constraints or guardrails. For a research-mentor persona skill, this increases the risk of silent behavioral steering, over-application of a scholar-specific worldview, and user confusion about when outputs are grounded versus inferred.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.insecure_tls_verification

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
scripts/collect_publications.py:1221

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
scripts/recover_pdfs.py:45