Back to skill

Security audit

Chatmosp Literature Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent academic literature-search helper, with minor documentation issues around language routing and local PDF/text files.

Install only if you want the agent to browse academic sites and download/convert supplemental PDFs for parameter extraction. Expect possible local PDF/text files, and treat extracted scientific parameters as needing user review before use. Maintainers should fix the language-routing/file-name mismatch and document where downloaded files are stored or cleaned up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The language-routing block tells English users to read `SKILL_cn.md` as the authoritative source, while the current file is itself labeled `SKILL_cn.md` and later references `SKILL.md` as the Chinese authority. This ambiguity can cause an agent to load or prioritize the wrong instruction set, which is a prompt-boundary/control-flow problem in a multi-file skill and can lead to incorrect or unintended behavior.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill directs the agent to download supplemental PDFs and convert them into local text files without clearly warning the user that files will be created on local storage. In environments where users expect read-only browsing, this can cause unexpected persistence of potentially sensitive or copyrighted content and create minor privacy or storage-management risks.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The language-routing instructions are contradictory: they say to continue with this English file for English input, but for Chinese input to read `SKILL.md` in the same directory and respond in Chinese, while later sections imply different file roles. Conflicting control-flow instructions can be exploited to induce the agent to use the wrong prompt source or ignore intended constraints, increasing the chance of incorrect behavior or bypass of expected safeguards.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The locale policy forces English users to follow a Chinese-file authority chain that conflicts with the file labels and expected language separation. In agentic systems, unjustified routing rules can be abused or can accidentally bypass the intended prompt source, increasing the chance of instruction confusion, wrong tool use, or inconsistent safety behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.