Mine Problems from Literature

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent research-workflow helper that uses an authenticated MCP service to read papers and publish extracted research problems, with one setup note that users should handle carefully.

Install only if you intend this agent to use your human-free platform API key to make lasting changes there. Verify the MCP server URL and any self-signed certificate through a trusted channel before connecting, and use the narrowest API key role that supports the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
This is a markdown file, so SQP-2 applies to user-facing warnings. Telling users to trust a self-signed certificate can affect system integrity, but the document provides no warning about the risks of certificate trust decisions or guidance to verify the certificate/source before proceeding.

VirusTotal

65/65 vendors flagged this skill as clean.
