Deep Research (深度研究)

Security checks across malware telemetry and agentic risk

Overview

This is mostly a research-report skill, but it warrants Review because it overstates the quality of the research and reports it produces and includes under-scoped network, file-output, optional-install, and PDF-conversion behavior.

Install only if you are comfortable with research queries being sent to configured search providers and reports being saved locally. Treat generated reports as drafts: verify citations and factual claims yourself, and review any npx/md-to-pdf or companion-skill install before using those optional features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
```python
),
            ]

            result = subprocess.run(
                cmd, capture_output=True, text=True, timeout=120, cwd=output_dir
            )
```
Confidence
79% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=120, cwd=output_dir )
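The flagged call already avoids shell=True, sets a timeout and pins cwd, so the real questions a reviewer asks are what `cmd` is allowed to be and whether the report path can escape `output_dir`. The following is an added example, not code from the skill or from SkillSpector: it assumes the flagged call is the optional Markdown-to-PDF step the overview mentions (an `npx md-to-pdf <report>` invocation), and the allowlist, the trimmed environment and the `demo()` helper are assumptions for illustration.

```python
"""Guarded replacement for the flagged subprocess.run(...) call.

Added example, not code from the skill or from SkillSpector. It assumes the
flagged `cmd` is the optional Markdown-to-PDF step the overview mentions (an
`npx md-to-pdf <report>` invocation); that command line, the allowlist and the
`demo()` helper are assumptions for illustration.
"""
from __future__ import annotations

import os
import subprocess
import sys
import tempfile
from pathlib import Path


def under_dir(path: Path, root: Path) -> bool:
    """True only if `path` resolves inside `root` ('..' and symlinks followed)."""
    try:
        path.resolve().relative_to(root.resolve())
    except ValueError:
        return False
    return True


def build_pdf_command(report: Path, output_dir: Path) -> list:
    """Return an argv list for the converter, never a shell string.

    A list keeps shell=False, so a crafted report name cannot inject extra
    commands, and the containment check keeps the converter from being
    pointed at files outside the skill's own output directory.
    """
    if report.suffix.lower() != ".md":
        raise ValueError(f"not a Markdown report: {report}")
    if not under_dir(report, output_dir):
        raise ValueError(f"{report} is outside {output_dir}")
    # Assumed converter invocation. npx fetches md-to-pdf on first use, so
    # install and pin it deliberately rather than letting this call do it.
    return ["npx", "md-to-pdf", report.resolve().name]


def run_checked(argv: list, cwd: Path, allowed: set, timeout: float = 120):
    """Run argv with the guards the flagged call already has (timeout, cwd,
    captured output) plus an executable allowlist and a trimmed environment,
    so a poisoned NODE_OPTIONS or similar variable is not inherited."""
    if not argv or Path(argv[0]).name not in allowed:
        raise PermissionError(f"launcher not allowed: {argv[:1]}")
    if not cwd.is_dir():
        raise NotADirectoryError(str(cwd))
    keep = ("PATH", "HOME", "LANG", "SYSTEMROOT")
    env = {k: os.environ[k] for k in keep if k in os.environ}
    return subprocess.run(
        argv, capture_output=True, text=True, timeout=timeout, cwd=cwd, env=env
    )


def demo() -> dict:
    """Exercise the guards offline: a contained report, an escape attempt,
    a disallowed launcher, and one real run using the current interpreter."""
    out = Path(tempfile.mkdtemp())
    (out / "report.md").write_text("# constructed sample report\n")
    results = {"argv": build_pdf_command(out / "report.md", out)}
    try:
        build_pdf_command(out / ".." / "escape.md", out)
        results["escape_blocked"] = False
    except ValueError:
        results["escape_blocked"] = True
    try:
        run_checked(["sh", "-c", "id"], cwd=out, allowed={"npx"})
        results["launcher_blocked"] = False
    except PermissionError:
        results["launcher_blocked"] = True
    proc = run_checked(
        [sys.executable, "-c", "print('ok')"],
        cwd=out,
        allowed={Path(sys.executable).name},
    )
    results["run_ok"] = proc.returncode == 0 and proc.stdout.strip() == "ok"
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist is matched on the launcher's basename, which is enough to stop the skill from being steered into `sh -c` but not a substitute for an absolute, pinned path to the converter; use both in a real deployment.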

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and demonstrates shell execution, network access, and file output behavior but does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can transmit data externally or write artifacts locally before it runs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
78% confidence
Finding
The documented behavior exceeds the stated purpose by including orchestration, task/workspace management, and report conversion flows not reflected in the high-level description. Description-behavior mismatches are dangerous because they undermine informed consent and make it easier to smuggle broader capabilities into a seemingly narrow research skill.

Context-Inappropriate Capability

Medium
Confidence
72% confidence
Finding
The skill includes installation commands for additional packages/skills, expanding its effective trust boundary beyond research/report generation. This can lead to unreviewed code introduction, supply-chain exposure, and privilege creep during normal usage.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad and overlap with common requests such as 'market analysis' or '帮我研究一下' ('help me look into this'), making accidental invocation likely. Because this skill can perform network searches and generate files, unintended activation increases the chance of unexpected external data transmission or autonomous action.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The quick-trigger list repeats ambiguous phrases that are common in everyday conversation and insufficiently constrained for safe activation. In context, this raises risk because the skill is not passive documentation; it is designed to orchestrate searches and outputs once invoked.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description advertises web search and Markdown report generation but does not clearly warn that user queries may be sent to external services and that local files may be created. This is a consent and data-handling issue, especially for sensitive research topics or proprietary user input.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# DuckDuckGo (no API key needed)
curl -s "https://api.duckduckgo.com/?q=QUERY&format=json"

# Wikipedia
curl -s "https://en.wikipedia.org/api/rest_v1/page/summary/QUERY"
```
Confidence
70% confidence
Finding
https://api.duckduckgo.com/
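The Lp3, Vague Triggers, Context-Inappropriate Capability, Missing User Warnings and External Transmission findings all reduce to static checks a reviewer can run before installing a skill: which hosts it contacts, which commands it spawns, which of those install code, whether the manifest declares matching permissions, and whether its triggers are short enough to fire on everyday requests. The linter below is an added example, not SkillSpector's scanner and not the skill's own code. The manifest it scans is constructed to resemble what the findings describe (the two curl search calls, an optional npx md-to-pdf step, broad triggers, an empty permissions list); the front-matter keys, the capability names, the `$ ` command prompt convention and the "two words or fewer" trigger heuristic are assumptions for illustration.

```python
"""Static checks mirroring the findings on this page, run over a skill manifest.

Added example, not SkillSpector's scanner and not the skill's own code. The
manifest, the front-matter keys, the capability names and the trigger
heuristic are constructed assumptions for illustration.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample manifest; commands are written with a '$ ' prompt.
SAMPLE_SKILL = """---
name: deep-research
description: Multi-source web research producing a Markdown report.
triggers: ["research", "market analysis", "帮我研究一下", "deep research report on"]
permissions: []
---
## Search (no API key needed)
$ curl -s "https://api.duckduckgo.com/?q=QUERY&format=json"
$ curl -s "https://en.wikipedia.org/api/rest_v1/page/summary/QUERY"
## Optional PDF export
$ npx md-to-pdf report.md
"""

COMMAND_WORDS = {"curl", "wget", "npx", "npm", "pip", "pip3", "sh", "bash", "python"}
INSTALLERS = re.compile(r"^(npx|npm\s+(i|install)|pip3?\s+install)\b")
URL_RE = re.compile(r"https?://[^\s\"')]+")


def split_manifest(text):
    """Return (front_matter dict, body) from a '---' delimited manifest.
    Values that parse as JSON (lists) are decoded; everything else stays a string."""
    parts = text.split("---", 2)
    if len(parts) < 3:
        return {}, text
    meta = {}
    for line in parts[1].strip().splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        try:
            meta[key.strip()] = json.loads(value)
        except ValueError:
            meta[key.strip()] = value
    return meta, parts[2]


def command_lines(body):
    """Lines that look like shell commands: a '$ ' prompt or a known command word."""
    cmds = []
    for raw in body.splitlines():
        line = raw.strip().lstrip("$ ").strip()
        first = line.split(" ", 1)[0] if line else ""
        if first in COMMAND_WORDS:
            cmds.append(line)
    return cmds


def external_hosts(text):
    """Hosts the skill would contact, from every URL in the text."""
    return sorted({urlparse(u).hostname for u in URL_RE.findall(text)})


def observed_capabilities(body):
    """Capabilities the body demonstrates, regardless of what is declared."""
    caps = set()
    cmds = command_lines(body)
    if cmds:
        caps.add("shell")
    if URL_RE.search(body) or any(c.split()[0] in {"curl", "wget"} for c in cmds):
        caps.add("network")
    if any(INSTALLERS.match(c) for c in cmds):
        caps.add("install")  # npx/npm/pip pull code at run time
    if any(re.search(r"\.(md|pdf|json|txt)\b", c) for c in cmds):
        caps.add("file_output")
    return caps


def vague_triggers(triggers, max_words=2):
    """Flag triggers of two words or fewer; they collide with ordinary requests.
    Languages without spaces (e.g. the Chinese phrase) count as one word."""
    return [t for t in triggers if len(t.split()) <= max_words]


def lint(manifest):
    """Compare demonstrated behavior against declared permissions and triggers."""
    meta, body = split_manifest(manifest)
    declared = set(meta.get("permissions", []))
    observed = observed_capabilities(body)
    return {
        "hosts": external_hosts(body),
        "commands": command_lines(body),
        "observed": sorted(observed),
        "undeclared": sorted(observed - declared),
        "vague_triggers": vague_triggers(meta.get("triggers", [])),
        # Missing User Warnings: does the text tell the user queries leave the host?
        "warns_about_transmission": bool(
            re.search(r"sent to|transmit|external service", manifest, re.I)
        ),
    }


if __name__ == "__main__":
    print(json.dumps(lint(SAMPLE_SKILL), ensure_ascii=False, indent=2))
```

Every undeclared capability this returns corresponds to one of the page's findings: `network` and the host list to External Transmission and Lp3, `install` to Context-Inappropriate Capability, `file_output` and `shell` to the permission gap, and an empty `warns_about_transmission` to Missing User Warnings. Declaring `network` and `shell` in the manifest removes them from `undeclared`, which is the point of the check: a declaration is what lets a hosting platform enforce or surface the behavior before the skill runs.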

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal