nature-reader

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only paper-reading skill that processes user-provided scientific papers into bilingual Chinese Markdown notes.

Install this if you want a workflow for bilingual Chinese reading notes from scientific papers. Provide only PDFs, DOIs, arXiv IDs, or URLs you are comfortable having the agent read or fetch, and review before using the optional export feature.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger conditions are broad enough to match many ordinary requests about reading, translating, or summarizing papers, which can cause the skill to activate when the user did not specifically ask for this workflow. That can override user intent, unexpectedly invoke external fetching/processing behavior, and increase the chance of handling sensitive local file paths or remote URLs without sufficiently explicit consent.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill description and output format assume Chinese bilingual translation by default without first confirming the user's language preference. This can produce unwanted disclosure or transformation of content, reduce usability for users expecting another language, and may cause the agent to process more content than necessary by default.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal