Arxiv Daily Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed arXiv paper digest tool that saves local reports and optionally sends them to a user-configured Feishu webhook.

Install only if you want scheduled arXiv fetching and Feishu notifications. Configure the webhook deliberately, review the first generated report before enabling cron, and add the cron entry carefully so existing scheduled jobs are not overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents capabilities to read and write files, access the network, and invoke shell scripts, but it does not declare permissions or boundaries for those operations. This weakens reviewability and consent, making it easier for a skill to perform side effects such as local persistence and outbound webhook delivery without clear operator awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose by including deep analysis, persistent storage in affiliations_db.json, temporary file output, and config/env-based webhook handling that are not transparently framed as side effects. Description-behavior mismatch is dangerous because users and reviewers may authorize a seemingly simple paper-digest skill without realizing it also persists data locally and consumes additional local configuration and execution pathways.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README explicitly instructs users to configure a Feishu webhook and enable automated pushes, but it does not warn that generated report contents will be transmitted to an external third-party service. In a skill that aggregates and formats content automatically, this can lead to unreviewed outbound data sharing and accidental disclosure of sensitive prompts, analysis text, or metadata if the output later includes non-public information.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad natural-language triggers like '看看今天的论文' (roughly "take a look at today's papers") can match casual conversation and cause unintended invocation of a skill that performs network access, file writes, and potentially outbound pushes. In this context, accidental activation is more concerning because the skill is not purely read-only and may create files or send notifications as side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill openly states it will push content to a Feishu webhook and save reports locally, but it does not present user-facing warnings, consent, or retention details for those data-handling actions. Even if the data is mostly public paper metadata, outbound transmission and local persistence are meaningful system effects that can surprise users and create audit and privacy concerns.

VirusTotal

65/65 vendors flagged this skill as clean.