swiftscholar-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward SwiftScholar API helper, with normal privacy considerations when uploading papers or using account features.

Install this if you want an agent to use your SwiftScholar account for paper search, parsing, analysis, and library management. Keep the API key out of chat, confirm before uploading PDFs or forcing re-parses, and avoid submitting confidential, unpublished, licensed, or sensitive documents unless you are comfortable sending them to SwiftScholar.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to submit paper URLs and upload local or remote PDFs to an external service, but it does not clearly require an explicit user-facing disclosure that document contents and URLs will leave the local environment and be transmitted to SwiftScholar. This creates a real privacy and data-handling risk, especially if users provide unpublished manuscripts, proprietary PDFs, or sensitive links under the assumption the processing is local.

VirusTotal

64/64 vendors flagged this skill as clean.
