Back to skill

Security audit

ArXiv Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill searches ArXiv and keeps a disclosed local research log of papers it summarizes.

Install this if you are comfortable with a local memory log of papers the agent discusses. Avoid using it for confidential research topics unless retaining titles, links, authors, dates, and summaries in memory/RESEARCH_LOG.md is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill explicitly instructs use of a shell script (`scripts/search_arxiv.sh`) but the manifest does not declare corresponding permissions or capabilities. This creates a transparency and governance gap: reviewers and users may believe the skill is limited to harmless summarization when it can invoke local command execution paths.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill description promises search and summarization, but the documented behavior also performs persistent writes to `memory/RESEARCH_LOG.md`, which is a materially different action. This hidden statefulness can cause unintended retention, cross-session data exposure, and surprise side effects beyond user expectations for a read-oriented research skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The capability list says summarized papers are automatically saved to memory without any warning, consent, or opt-in. Even if the stored content is usually public paper metadata, automatic persistence can still create privacy, compliance, and expectation violations, especially if queries or summaries include sensitive user interests or internal research topics.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow marks memory appending as 'MANDATORY,' forcing retention of discussed papers regardless of user intent or sensitivity. A mandatory write path increases the risk of collecting confidential research interests or organizational priorities into long-lived storage without disclosure or control.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.