学术文献检索（期刊信息、影响因子、下载链接）

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only academic paper search skill with no scripts, credentials, persistence, or privileged local access.

Safe to install from a security perspective. Expect it to use web searches for literature lookups, and verify important citations, DOI links, and impact-factor claims yourself before relying on them academically. Avoid pasting paywalled database credentials or private institutional login details into the agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains broad, common phrases such as '找文献', '查论文', and '推荐文献' that are likely to appear in normal academic-assistant conversations. This can cause unintentional activation, routing user requests into this skill when they may have intended a general chat or another tool, increasing the chance of unnecessary web access or unexpected behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal