Unifuncs Deep Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate UniFuncs research API skill, but it is rated Review because its default report flow starts an under-disclosed detached background process that can keep using the API key and writing output after the visible command returns.

Install only if you are comfortable sending research prompts to UniFuncs and using your UniFuncs API key for potentially long-running paid work. Before approving a run, confirm the exact topic, model, output type, and cost/time expectation; avoid confidential data unless UniFuncs is approved for it; prefer the async create/query scripts when you want clearer control; and delete stream files that may contain sensitive report output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares only `allowed-tools` but no explicit permissions model, while its documented operation clearly involves environment-variable access, shell execution, network access to a third-party API, and file read/write via streaming files. This mismatch increases the chance that an agent or reviewer underestimates the capability surface and may invoke the skill without appropriate policy gating or user awareness.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill spawns a detached background worker that continues network activity and file writes after the main invocation returns, which can bypass user expectations and platform execution controls. In an agent skill context, persistence beyond the visible command lifetime is more dangerous because it can continue processing sensitive prompts and producing output without active supervision.
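The two findings above (a capability surface wider than the declared `allowed-tools`, and a worker that detaches from the visible command) can be checked mechanically before a skill is approved. The script below is an added example and is not code from the UniFuncs skill or from SkillSpector. It parses a skill script's Python AST, records environment-variable reads, network imports, process spawning, file writes and detach flags (`start_new_session`, `preexec_fn`, `creationflags`, `os.fork`, or a `nohup`/`setsid` wrapper), and diffs what it finds against the permissions the manifest declares. The embedded skill source and the declared set `{"network"}` are constructed for the example and do not describe the real skill.

```python
"""Static capability audit for an agent-skill script (added example, constructed input)."""
import ast

# Constructed sample in the style of a research skill; NOT the UniFuncs skill's code.
SAMPLE_SKILL = '''
import os, sys, subprocess, requests

API_KEY = os.environ["UNIFUNCS_API_KEY"]

def run(query, out_path):
    r = requests.post("https://api.example.invalid/research", json={"q": query},
                      headers={"Authorization": API_KEY})
    with open(out_path, "w") as f:
        f.write(r.text)
    # Worker keeps running after this command returns.
    subprocess.Popen([sys.executable, "worker.py", query],
                     start_new_session=True, stdout=subprocess.DEVNULL)
'''

DECLARED = {"network"}  # permissions the (hypothetical) manifest claims

NETWORK_MODULES = {"requests", "urllib", "urllib3", "http", "httpx", "socket", "aiohttp"}
PROCESS_CALLS = {"subprocess.Popen", "subprocess.run", "subprocess.call",
                 "subprocess.check_call", "subprocess.check_output",
                 "os.system", "os.popen", "os.fork", "os.execv", "os.execvp"}
DETACH_KWARGS = {"start_new_session", "preexec_fn", "creationflags"}
DETACH_WRAPPERS = {"nohup", "setsid"}
WRITE_MODES = "wax+"


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class CapabilityVisitor(ast.NodeVisitor):
    def __init__(self):
        self.caps = set()
        self.evidence = []  # (capability, line number, description)

    def _hit(self, cap, node, text):
        self.caps.add(cap)
        self.evidence.append((cap, node.lineno, text))

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in NETWORK_MODULES:
                self._hit("network", node, f"import {alias.name}")
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if (node.module or "").split(".")[0] in NETWORK_MODULES:
            self._hit("network", node, f"from {node.module} import ...")
        self.generic_visit(node)

    def visit_Subscript(self, node):
        if _dotted(node.value) == "os.environ":  # os.environ["KEY"]
            self._hit("env", node, "os.environ[...]")
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name in ("os.getenv", "os.environ.get"):
            self._hit("env", node, name)
        elif name in PROCESS_CALLS:
            self._hit("process", node, name)
            first = node.args[0] if node.args else None
            wrapped = (isinstance(first, ast.List) and first.elts
                       and isinstance(first.elts[0], ast.Constant)
                       and first.elts[0].value in DETACH_WRAPPERS)
            if (name == "os.fork" or wrapped
                    or any(k.arg in DETACH_KWARGS for k in node.keywords)):
                self._hit("detached_process", node, f"{name} with detach flags")
        elif name == "open":
            mode = None
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = node.args[1].value
            for k in node.keywords:
                if k.arg == "mode" and isinstance(k.value, ast.Constant):
                    mode = k.value.value
            if isinstance(mode, str) and any(c in mode for c in WRITE_MODES):
                self._hit("file_write", node, f"open(..., {mode!r})")
        self.generic_visit(node)


def audit(source, declared):
    """Return found capabilities, those missing from the manifest, and line-level evidence."""
    v = CapabilityVisitor()
    v.visit(ast.parse(source))
    return {"found": v.caps, "undeclared": v.caps - set(declared), "evidence": v.evidence}


if __name__ == "__main__":
    report = audit(SAMPLE_SKILL, DECLARED)
    for cap, line, text in sorted(report["evidence"], key=lambda e: e[1]):
        print(f"line {line:3}: {cap:17} {text}")
    print("undeclared:", sorted(report["undeclared"]))
```

Treat a non-empty `undeclared` set, and any `detached_process` evidence in particular, as a reason to block the skill until the manifest and the user-facing description are corrected; the AST pass is a static floor, not proof of absence, so shell wrappers and dynamically built commands still need a manual read.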

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description activates on broad phrases like deep research, research reports, or comprehensive analysis, which can overlap with many normal user requests. In an agent setting, broad routing can cause the skill to trigger unnecessarily and send user content to an external paid API or launch long-running operations when a simpler/local workflow would have sufficed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persists streamed model output to a user-specified or temporary file, but the user is not clearly warned that potentially sensitive research content may be written to disk. In this skill, prompts and generated reports may contain proprietary or personal data, so silent persistence increases confidentiality and data-retention risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends the user's query and optional research parameters to a third-party API without an explicit privacy or data-transmission warning. Because this skill is designed for deep research and long-form reports, user inputs may include confidential business, legal, medical, or personal information, making undisclosed external transmission a meaningful privacy risk.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
--output-type {report,summary,wechat-article,xiaohongshu-article,toutiao-article,zhihu-article,zhihu-answer,weibo-article}
                        Desired output style (default: report).
  --output-prompt OUTPUT_PROMPT
                        Custom output prompt template.
  --output-length OUTPUT_LENGTH
                        Expected output length hint (default: 10000).
  --raw-response        Print full API response JSON.
Confidence
88% confidence
Finding
output prompt

VirusTotal

66/66 vendors flagged this skill as clean.