Security audit

Paper Translator

Security checks across malware telemetry and agentic risk

Overview

This PDF translator is mostly coherent, but it can automatically install software from the internet and includes an under-scoped PDF-sharing step, so users should review it before installing.

Install only if you are comfortable with first-run network dependency installation and persistent local tool changes. Prefer manually installing trusted, pinned versions of `uv` and `pdf2zh-next`, and copy only the exact PDFs you intend to share through QQBot, avoiding confidential, unpublished, copyrighted, or sensitive documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill is presented as a paper translation tool, but it also documents a separate QQBot file-upload/send workflow that exports translated PDFs into a messaging platform's upload directory. That expands the skill's effective behavior from local document processing to external sharing, which creates data exfiltration and privacy risk, especially for academic papers that may be unpublished or confidential.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation states that missing dependencies are installed automatically on first run, which means executing the skill may modify the user's system environment without explicit warning or approval. Silent package installation increases supply-chain and environment-integrity risk, and may violate user expectations in restricted or reproducible environments.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The QQBot instructions tell users to copy PDF files into a messaging client's upload directory without any warning that this prepares documents for sharing through a third-party communication channel. For translated academic PDFs, that can expose sensitive, copyrighted, or unpublished material and creates a clear privacy/data-sharing hazard.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script automatically installs and then relies on external tooling if it is missing, without prompting the user or requiring an explicit opt-in. This creates a supply-chain and arbitrary code execution risk because it fetches and executes installer logic from the network and installs additional packages into the user's environment as a side effect of running a translation script.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.