Back to skill

Security audit

Gemini Deep Research (J-claw)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed research-report generator that calls an external AI/report API and may save the resulting Markdown, with no evidence of hidden or destructive behavior.

Install only if you are comfortable sending research topics, filters, and report options to the external report provider. Avoid confidential, regulated, or proprietary topics unless approved, and review the destination path before saving downloaded Markdown reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill defaults to creating a report file at a user path without an explicit warning that it will write to disk. This can lead to unintended file creation or overwriting in a sensitive workspace, especially because the path is presented as a default operational behavior rather than a consented side effect.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow sends the user's research topic, formatting choices, and likely other parameters to the Gemini service, but the skill does not clearly warn users that their data leaves the local environment. This is a real privacy and data-handling issue because users may provide confidential business, personal, or regulated information assuming the action is local.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/dr-client.js:131