Arxiv Translate

Security checks across malware telemetry and agentic risk

Overview

This skill only turns an arXiv paper ID or URL into a link for an external Chinese translation service.

Before opening generated links, understand that hjfy.top is an external translation site and may receive your IP address, browser metadata, and the arXiv paper ID. The skill itself is narrow and does not contact that site automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 91%
Finding
The skill directs users to a third-party site (hjfy.top) to access translated arXiv content without disclosing that the destination is external or warning about privacy, tracking, or content-safety implications. While the skill itself does not auto-visit the site or exfiltrate data, it normalizes sending users to an unaffiliated service and could expose them to logging, malicious content, or misleading downloads.

VirusTotal

64/64 vendors flagged this skill as clean.
