Back to skill

Security audit

Emergence Agentic Academic Writing Skill Implementing the Paper Ochestra Paradigm

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed academic-writing scaffold that creates local project files and does not show hidden, destructive, credential-seeking, or exfiltration behavior.

Install only if you want a local academic-writing project scaffold. Run scaffold.sh in a new directory, review the generated files before adding sensitive research, and verify the referenced Emergence Science API/repository before allowing any agent to use external discovery endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill references a shell-based scaffold initializer (`scaffold.sh`) and local file creation behavior, but no permissions are declared. That creates a transparency and consent problem: users and platforms may treat the skill as documentation-only while it implicitly expects executable filesystem operations. In this context, undeclared shell capability is risky because it can lead to unexpected local changes and makes it harder to enforce least-privilege controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated purpose is a multi-agent scholarly writing framework, but the described behavior includes project scaffolding and local file generation rather than actual orchestration. This mismatch is security-relevant because users may grant trust based on the scholarly-assistant framing while the skill performs filesystem mutations that are not prominent in the description. Misrepresentation lowers informed consent and can conceal operational risk even if the underlying actions are not overtly malicious.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill says every user response is automatically persisted to `idea.md`, but it does not present an explicit warning or consent mechanism for storing potentially sensitive research ideas, unpublished data, or personal information. In a scholarly-writing context this is more dangerous because users may share confidential drafts, proprietary methods, or embargoed results during the interview process, and silent persistence increases the chance of accidental disclosure or retention beyond user expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.