Target Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PatSnap life-science research skill that uses user-configured MCP services and an API key for target intelligence reports.

Install this only if you intend to use PatSnap MCP services. Use a dedicated, revocable PatSnap API key, avoid exposing MCP configuration or shell history containing the key, and expect relevant biomedical queries to be sent to PatSnap when the skill is invoked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises activation on very short, generic prompts such as bare target names (for example, 'EGFR'). In agent systems that rely on semantic matching or heuristic routing, this can cause accidental invocation during ordinary conversation, leading to unnecessary external data access and unintended disclosure of user intent to third-party MCP services.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The 'When to use this skill' section is broad and lacks clear boundaries, so many life-science conversations could match even when the user did not ask for tool-backed intelligence gathering. Because this skill is designed to connect to external MCP services and perform mandatory connectivity checks, overbroad routing increases the chance of unintended tool use and unnecessary transmission of biomedical query context.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal