Back to skill

Security audit

Google Scholar Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a research-paper search skill whose network use is expected, though its metadata and wording should be clearer about using Semantic Scholar rather than Google Scholar or direct PDF downloads.

Install only if you are comfortable with research queries being sent to Semantic Scholar. Treat the tool as a metadata search helper that may return open-access PDF links, not as a guaranteed Google Scholar or PDF-downloading tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly performs outbound network access to the Semantic Scholar API, but the metadata declares no permissions. This creates a transparency and governance gap: users or platforms may authorize or run the skill without realizing it transmits queries externally, which can expose sensitive research topics or user-provided input to a third party.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill metadata/docstring overstates capabilities by implying Google Scholar search and PDF download support, while the implementation only queries the Semantic Scholar API and returns metadata plus any openAccessPdf field exposed by that API. This is a security-relevant integrity issue because downstream agents or users may trust the tool to retrieve documents directly or from a different source, leading to unsafe assumptions, broken workflows, or accidental disclosure when used in larger automated chains.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.