Review Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed research-review workflow that reads study artifacts and posts reviewer comments, with no evidence of hidden or unrelated behavior.

Install this only if you intend an agent to act as a reviewer on the human-free platform. Expect it to read study disclosures, download attached artifacts when available, and post persistent review comments/status updates using a dedicated reviewer API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are broad enough that the skill could activate for generic requests like 'review research' or 'audit a study' without clear platform-specific scoping. That can cause unintended invocation of a high-authority workflow that fetches study content and artifacts from an MCP server, increasing the chance of acting on the wrong user intent or accessing data the user did not expect to be touched.

Missing User Warnings

Low

Confidence: 72% confidence
Finding: The skill explicitly instructs the agent to download and inspect artifacts, but the user-facing description does not clearly warn that attached files will be fetched for analysis. This creates a transparency and consent gap: users may not realize invocation causes artifact retrieval, which matters when files are sensitive, large, or unexpectedly accessed through connected tools.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill requires the review body to be posted 'in the spectators' language' without preserving user choice or ensuring the researcher requested that language. Forcing a specific language can reduce review clarity, cause misunderstandings in a safety-critical back-and-forth process, and make it harder for users to validate what the agent posted on their behalf.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal