Security audit

agent-daily-paper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent arXiv paper-digest skill with disclosed local setup, caching, scheduled output, and optional OpenAI use.

Install only if you are comfortable with a local research-digest tool that installs Python packages and ML models, queries arXiv, downloads PDFs, and saves local digest/cache files. Keep the default Argos provider for local translation, or configure OpenAI only if you accept sending paper titles, abstracts, field names, and translated summary text to that API. Review any cron, GitHub Actions, Feishu delivery, and output/cache directories before enabling scheduled delivery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

1. Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: User-provided field names are sent to external services, including the OpenAI API and arXiv-derived queries, without a clear user-facing disclosure or explicit consent step. If users enter sensitive research topics, internal project names, or proprietary terms, the script can exfiltrate that information to third parties unexpectedly.

2. Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The script persists fetched paper content, metadata, and embeddings to disk without prominently warning the user. This can create unintended local data retention of sensitive search intent, proprietary topic names, and derived embeddings, which may later be exposed through backups, shared workspaces, or source-control mistakes.

3. Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The code sends paper titles and abstracts to OpenAI's external API when TRANSLATE_PROVIDER is set to openai or auto, but there is no explicit runtime notice, consent check, or data-handling disclosure before transmission. Even if arXiv papers are generally public, this still creates an undisclosed outbound data flow to a third party and could violate user expectations or policy constraints in privacy-sensitive deployments.

4. Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The helper transmits arbitrary generated text to OpenAI for translation without any visible disclosure or consent workflow. Because this text may include summarized content derived from PDFs or abstracts, the external transmission boundary is non-obvious and can leak processed document content to a third-party service.

5. Missing User Warnings
Severity: High
Confidence: 95%
Finding: In the PDF insight path, the script downloads and extracts text from full PDFs, generates section summaries from that content, and then may send those summaries to OpenAI for translation via _translate_text_to_zh. This expands third-party exposure from short metadata to content derived from full documents, increasing confidentiality and compliance risk, especially if the tool is later adapted to non-public PDFs.

VirusTotal

64/64 vendors flagged this skill as clean.