Back to skill

Security audit

Deep Researcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paper-reading and storyboard workflow; its file use and optional external research/image steps fit that purpose, though users should be mindful of privacy when using it with unpublished papers.

Install only if you are comfortable letting the agent read the paper bundle and related project files you provide, create reports and PDFs, and possibly use external services such as OpenReview or image-generation APIs. Avoid using it with confidential or unpublished research unless you restrict external retrieval and API use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill appears to rely on file read/write behavior without declaring corresponding permissions, which creates a transparency and policy-enforcement gap. In this context, undeclared access is risky because the skill is positioned as a research generator, yet static analysis indicates it may also read local research artifacts and write QA outputs, enabling unexpected access to user workspace data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose says the skill generates research papers, but the detected behavior suggests it also validates existing local papers, reads workspace files, and writes QA artifacts. This mismatch is dangerous because users and platform controls may authorize the skill under a much narrower trust model than its actual behavior, leading to unintended local data exposure or modification.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill plans broad external research across many third-party sources but does not clearly warn users that their prompts, topics, or derived queries may be transmitted to external services. In a research context, topics can contain proprietary, personal, or regulated information, so lack of disclosure increases privacy and confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.