Semantic Paper Radar

Security checks across malware telemetry and agentic risk

Overview

This appears to be a research-report helper whose external literature lookups and optional local report export fit its purpose, with documentation transparency gaps to review.

Install if you are comfortable with the skill sending research queries to external literature services and optionally writing report files locally. Review where exported HTML files are saved, and do not assume Scholar integration exists unless a separate compatible tool is installed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill invokes a Python script that performs network retrieval against external literature sources and can optionally export HTML to local disk, yet no permissions are declared. Undeclared network and file-write capabilities reduce transparency and can lead to unsafe execution in environments that rely on metadata for policy enforcement or user consent.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 78%
Finding: The skill description understates behavior by not clearly surfacing local HTML file export as an operational side effect, while also advertising optional Scholar integration that is not actually provided in the skill itself. Description-behavior mismatches can mislead users and orchestrators about what the skill does, which is risky when external access or filesystem writes are involved.

VirusTotal

66/66 vendors flagged this skill as clean.
