Scholar Search Skills

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed academic paper search, download, scoring, and citation workflow, with local storage and optional dependency installs that fit its stated purpose.

Install this only if you want an assistant to search academic sites, download PDFs, and create research notes on disk. Before use, confirm the output folder under ~/papers, avoid broad or sensitive topic names in paths, review any pip or npx install commands, and prefer a virtual environment or non-global install when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to create directories, save multiple files, and download PDFs to persistent local storage without clearly requiring user notice or consent. This is dangerous because users may unknowingly cause disk writes, accumulate sensitive research material locally, or overwrite existing content in their home directory.

VirusTotal

66/66 vendors flagged this skill as clean.
