Academic Paper Interpretation (a light, humorous take on dry papers)

Security checks across malware telemetry and agentic risk

Overview

This is a paper-explanation skill with a disclosed image-copying workflow; its file handling is limited and tied to analyzing user-provided figures.

Install if you are comfortable letting the agent read and temporarily copy paper images you provide. Avoid using sensitive unpublished figures unless you trust the runtime environment, and ask the agent to delete temporary copies after the analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill introduces PowerShell-based file copying and temporary-directory handling even though its stated purpose is only to explain academic papers. Unnecessary file I/O expands the attack surface: it can duplicate sensitive local files into less controlled locations, create persistence artifacts, or be repurposed to access unintended content if image paths or folder inputs are manipulated.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents writing copied images into a temporary directory without clearly informing the user or warning about the risks. Silent file writes can expose document contents to other local users/processes, leave recoverable artifacts on disk, and violate user expectations about how their files are handled.

VirusTotal

65/65 vendors flagged this skill as clean.
