Paper Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local academic-paper analysis helper that creates Excel reports, with some privacy and overwrite caveats but no hidden or unrelated behavior.

Use this only on papers you intend to analyze locally. Check the Excel output path before running it, avoid reusing filenames you care about, and delete any temporary JSON files if the paper contents are sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill instructs writing an Excel file directly into the paper's local folder without requiring explicit user confirmation or addressing overwrite behavior. In a local-files skill, silent file creation can lead to unintended modification of user data, accidental overwrite, and privacy surprises, especially when operating on sensitive research directories.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The workflow processes local documents with pdftotext, writes temporary JSON to /tmp, and produces output files, but it provides no safety or privacy guidance. This increases the risk of exposing sensitive paper contents through temporary files, leaving recoverable artifacts on shared systems, or surprising users with local command execution and filesystem side effects.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal