arXiv Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This arXiv helper does what it says: searches papers, downloads PDFs, and optionally saves a reading list when MongoDB is configured.

Install if you want arXiv search and paper tracking. If you enable tracking, point it at a dedicated MongoDB database with a least-privilege user (readWrite on that one database, nothing cluster-wide), choose the PDF download directory deliberately and keep downloads confined to it, and pin the dependencies to exact tested versions (ideally with hashes) so installs are reproducible.
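One way to make the download directory a real boundary rather than a preference. This is an added example, not the skill's own code: the helper names (normalize_arxiv_id, pdf_path_for, safe_to_download) and the "downloads" directory are assumptions; the two identifier shapes it accepts are the current arXiv form (YYMM.NNNNN, optional vN) and the older archive/NNNNNNN form.

```python
import re
from pathlib import Path

# Hypothetical helper (not the skill's own code): map an arXiv identifier to a
# PDF path that is guaranteed to live directly inside the configured download
# directory, so a hostile or malformed identifier can never pick the location.
NEW_STYLE = re.compile(r"^\d{4}\.\d{4,5}(v\d+)?$")                  # e.g. 2401.01234v2
OLD_STYLE = re.compile(r"^[a-z][a-z-]*(\.[A-Z]{2})?/\d{7}(v\d+)?$")  # e.g. hep-th/9901001


def normalize_arxiv_id(raw: str) -> str:
    """Strip an optional 'arXiv:' prefix and reject anything that is not an id."""
    ident = raw.strip()
    if ident.lower().startswith("arxiv:"):
        ident = ident[len("arxiv:"):]
    if not (NEW_STYLE.match(ident) or OLD_STYLE.match(ident)):
        raise ValueError(f"not an arXiv identifier: {raw!r}")
    return ident


def pdf_path_for(raw_id: str, download_dir: str) -> Path:
    """Return <download_dir>/<id>.pdf, refusing anything outside that directory."""
    base = Path(download_dir).resolve()
    ident = normalize_arxiv_id(raw_id)
    # Old-style identifiers contain '/', which must not become a path component.
    filename = ident.replace("/", "_") + ".pdf"
    target = (base / filename).resolve()
    # Belt and braces: even after validation, insist the file sits directly in base.
    if target.parent != base:
        raise ValueError("download path escaped the configured directory")
    return target


def safe_to_download(raw_id: str, download_dir: str) -> bool:
    """Boolean convenience wrapper for callers that only need accept/reject."""
    try:
        pdf_path_for(raw_id, download_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one valid new-style id, one old-style id, one traversal attempt.
    for candidate in ("arXiv:2401.01234v2", "hep-th/9901001", "../../etc/passwd"):
        print(candidate, "->", safe_to_download(candidate, "downloads"))
```

Validating the identifier first means the path check almost never fires; keeping both gives defence in depth if the identifier grammar is later loosened.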

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill initializes optional MongoDB connectivity and configures persistent storage even though the declared capability is limited to searching, downloading, and summarizing arXiv papers. This creates an undeclared data-retention surface and expands the skill's effective privileges, which is dangerous because users and hosting platforms may not expect long-lived storage or database access from this tool.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code persists paper metadata and reading-status information to MongoDB and exposes listing and update operations that are outside the stated scope of the skill. While not overtly malicious, this undisclosed statefulness can lead to privacy, compliance, and trust issues because external systems may authorize the skill assuming it only performs transient arXiv interactions.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill is described as searching, downloading, and summarizing arXiv papers, but it also includes MongoDB support via pymongo, which expands capabilities beyond the stated purpose. This unnecessary database access increases attack surface and creates opportunities for unintended data storage, exfiltration, or persistence if other parts of the skill use the library.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "paper" is extremely broad and commonly used in everyday conversation, so it can cause the skill to activate when the user did not intend to invoke an arXiv search tool. In a skill that can search, download, and summarize external content, accidental invocation can lead to unintended actions, confusing behavior, and unnecessary retrieval of third-party data.

Vague Triggers

Low
Confidence
86% confidence
Finding
The trigger list is loosely scoped and does not define exclusions or disambiguation rules, which makes it unclear when the skill should activate versus when ordinary conversation should be ignored. Although the listed phrases are mostly research-related, ambiguous activation criteria increase the chance of unintended tool use and reduce user control over when external search or summarization occurs.
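The two trigger findings above both come down to the same missing rule: "paper" on its own should not be enough. Below is an added example of what a disambiguation policy could look like; it is not the skill's trigger list. The function name should_activate, the context words, and the exclusion phrases are all assumptions chosen to illustrate the pattern.

```python
import re

# Hypothetical trigger policy (not the skill's own): an arXiv identifier or an
# explicit "arxiv"/"preprint" mention always activates; the bare word "paper"
# activates only alongside research context, and a short exclusion list covers
# everyday uses of the word.
ARXIV_ID = re.compile(r"\b(arxiv:)?\d{4}\.\d{4,5}(v\d+)?\b", re.I)
STRONG = ("arxiv", "preprint")
RESEARCH_CONTEXT = (
    "cite", "citation", "abstract", "author", "authors", "published",
    "summarize", "summarise", "research", "read", "find", "search",
)
EXCLUSIONS = (
    "toilet paper", "paper towel", "paper towels", "paperwork",
    "wrapping paper", "newspaper", "paper bag",
)


def should_activate(message: str) -> tuple[bool, str]:
    """Return (activate?, reason) so the decision can be logged and audited."""
    text = message.lower()
    if ARXIV_ID.search(text):
        return True, "arxiv identifier present"
    if any(word in text for word in STRONG):
        return True, "explicit arxiv/preprint mention"
    for phrase in EXCLUSIONS:
        if phrase in text:
            return False, f"excluded phrase: {phrase}"
    if re.search(r"\bpapers?\b", text):
        hits = [w for w in RESEARCH_CONTEXT if re.search(rf"\b{w}\b", text)]
        if hits:
            return True, "paper + research context: " + ", ".join(hits)
        return False, "'paper' without research context"
    return False, "no trigger"


if __name__ == "__main__":
    # Constructed sample messages covering each branch.
    for msg in (
        "Can you find the paper 2401.01234 on arXiv?",
        "We're out of toilet paper, add it to the list",
        "Summarize the paper by Vaswani on attention",
        "I need to print this on A4 paper",
        "What's the weather like?",
    ):
        print(f"{should_activate(msg)!s:60} <- {msg}")
```

Returning the reason alongside the decision is the part worth keeping: it lets the hosting platform show the user why a tool fired, which is exactly the control the finding says is missing.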

Unpinned Dependencies

Low
Category
Supply Chain
Content
arxiv>=2.0.0
pymongo>=4.0.0
Confidence
97% confidence
Finding
arxiv>=2.0.0 sets only a lower bound, so any future release, including a breaking or compromised one, satisfies it. Pin an exact tested version (==) and record hashes so installs are reproducible.

Unpinned Dependencies

Low
Category
Supply Chain
Content
arxiv>=2.0.0
pymongo>=4.0.0
Confidence
98% confidence
Finding
pymongo>=4.0.0 sets only a lower bound, so any future release satisfies it; it also admits every 4.x release below the fix for the advisory listed next. Pin an exact tested version (==) and record hashes so installs are reproducible.

Known Vulnerable Dependency: pymongo
  • CVE-2024-5629 (PyMongo Out-of-bounds Read in the bson module)
  • CVE-2013-2132 (Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo)
  • CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as u)

High
Category
Supply Chain
Confidence
88% confidence
Finding
pymongo. The declared constraint pymongo>=4.0.0 already rules out the CVE-2013-2132 range (releases before 2.5.2, which the scanner lists twice), but it still admits 4.0.0 through 4.6.2, which are affected by CVE-2024-5629; the fix shipped in pymongo 4.6.3. Raising the floor to pymongo>=4.6.3, or better pinning a tested 4.6.3+ release, closes that gap.
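The check behind that reasoning, for both Unpinned Dependencies findings and this one, as an added example (not the scanner's or the skill's code): does a requirements constraint still admit versions inside an advisory's affected range? The advisory table is constructed from the page's own findings and the assumption that CVE-2024-5629 affects pymongo below 4.6.3 and CVE-2013-2132 affects pymongo below 2.5.2; function names and the simplified specifier grammar (==, >=, >, <=, <, comma-separated, plain dotted releases only) are also assumptions.

```python
import re

# Added example: a minimal "does this constraint still admit a vulnerable
# version?" check.  Versions are treated as dotted integer releases and
# zero-padded to a fixed width so 4.6 and 4.6.0 compare equal.

def vkey(version: str, width: int = 5) -> tuple:
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


SPEC = re.compile(r"^\s*(==|>=|<=|>|<)\s*([0-9][0-9.]*)\s*$")


def parse_requirement(line: str):
    """Return (package, lower, upper); each bound is (key, inclusive) or None."""
    m = re.match(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$", line)
    name, rest = m.group(1).lower(), m.group(2)
    lower = upper = None
    for clause in filter(None, (c.strip() for c in rest.split(","))):
        sm = SPEC.match(clause)
        if not sm:
            raise ValueError(f"unsupported specifier: {clause!r}")
        op, key = sm.group(1), vkey(sm.group(2))
        if op == "==":
            lower, upper = (key, True), (key, True)
        elif op in (">=", ">"):
            cand = (key, op == ">=")
            if lower is None or cand[0] > lower[0]:
                lower = cand
        else:
            cand = (key, op == "<=")
            if upper is None or cand[0] < upper[0]:
                upper = cand
    return name, lower, upper


def admits_vulnerable(line: str, introduced: str, fixed: str) -> bool:
    """True if some version allowed by `line` lies in [introduced, fixed)."""
    _, lower, upper = parse_requirement(line)
    intro, fix = vkey(introduced), vkey(fixed)
    lo_key, _lo_inc = lower if lower else (vkey("0"), True)
    # The lowest admitted version must be below the fix.  An exclusive lower
    # bound (>x) is treated conservatively: x.post releases would still count.
    if lo_key >= fix:
        return False
    if upper is not None:
        up_key, up_inc = upper
        # The highest admitted version must reach the introduced version.
        if up_key < intro or (up_key == intro and not up_inc):
            return False
    return True


# Constructed advisory table (assumed ranges, see lead-in): (id, introduced, fixed).
ADVISORIES = {
    "pymongo": [("CVE-2024-5629", "0", "4.6.3"), ("CVE-2013-2132", "0", "2.5.2")],
}


def audit(requirements: list) -> list:
    """For each requirement line, report every known advisory and whether it is reachable."""
    out = []
    for line in requirements:
        name, _, _ = parse_requirement(line)
        for cve, intro, fixed in ADVISORIES.get(name, []):
            out.append((line.strip(), cve, admits_vulnerable(line, intro, fixed)))
    return out


if __name__ == "__main__":
    # The skill's declared dependency set, as shown on this page.
    for line, cve, reachable in audit(["arxiv>=2.0.0", "pymongo>=4.0.0"]):
        print(f"{line:20} {cve:15} {'REACHABLE' if reachable else 'excluded'}")
```

Run on the page's two requirement lines, this reports CVE-2024-5629 as reachable and CVE-2013-2132 as excluded, which is the distinction the scanner's single High finding does not make; a real audit should use the packaging library's full PEP 440 specifier handling rather than this reduced grammar.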

VirusTotal

65/65 vendors flagged this skill as clean.