Back to skill

Security audit

ArXiv Watcher

Security checks across malware telemetry and agentic risk

Overview

ArXiv Watcher is a coherent research helper that searches ArXiv and logs discussed papers, with no artifact-backed evidence of exfiltration or destructive behavior.

Install only if you are comfortable with the skill recording titles, authors, links, and summaries of papers you discuss in memory/RESEARCH_LOG.md. Review or clear that log for sensitive research topics, and inspect the referenced search_arxiv.sh script if you require strict control over shell-based network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs use of a shell script (`scripts/search_arxiv.sh`) but declares no permissions or user-visible notice about shell/code execution. Hidden execution capability increases risk because users and higher-level policy systems cannot accurately assess what the skill may do, and shell access can expand to network calls or filesystem access beyond the apparent summarization task.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises automatic saving of summarized papers to persistent memory without any user-facing consent or retention warning. Persistent writes can capture user interests, research topics, and potentially sensitive intent over time, creating privacy and profiling risks disproportionate to a simple paper-search task.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow marks logging to `memory/RESEARCH_LOG.md` as MANDATORY for any discussed paper, which forces persistent storage regardless of user expectations or sensitivity of the research topic. In context, this is more dangerous because ArXiv searches can reveal confidential workstreams, competitive intelligence interests, or health/security-related research themes, and the user is never warned.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.