Back to skill

Security audit

Literature Report

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed literature-report automation skill with privacy and setup cautions, but no artifact-backed malicious behavior.

Install only if you are comfortable storing an LLM API key locally and sending paper metadata plus your research topic to the configured LLM provider. Use a virtual environment, verify the configured base_url, keep config.yaml out of source control, avoid sensitive unpublished topics unless your provider is approved, and treat Feishu support as incomplete because it currently prints rather than sends messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide tells users to place an API key and Feishu user ID directly into config.yaml but provides no guidance to protect the file, avoid committing it to source control, or use environment variables/secrets storage. This creates a realistic risk of credential leakage through shared directories, backups, logs, or repository commits, which could enable unauthorized API usage or misuse of messaging integrations.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The guide instructs users to generate summaries and push them to Feishu without clearly warning that content and metadata will be transmitted to an external platform. In a research workflow, unpublished topics, internal interests, or sensitive metadata could be exposed to third-party services or broader audiences than intended.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to place an LLM API key into a local config file and describes automatic outbound push behavior to Feishu, but provides no guidance on secret storage, file permissions, exclusion from version control, or what data may be transmitted externally. In a skill that automatically fetches papers, generates summaries, and pushes content on a schedule, this omission increases the chance of credential leakage or unintended transmission of research topics and generated content to third-party services.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation phrases are broad enough to match common user requests such as asking for paper pushes or custom topics, which increases the chance of accidental invocation. In a skill that can read config, use API keys, perform network requests, and suggest automation, unintended activation could trigger data processing or external calls without clear user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends paper titles and abstracts to a third-party LLM service, but there is no visible consent flow, warning, or policy enforcement around external data sharing. Even if literature metadata is often public, abstracts, queries, and customized research focus can still reveal sensitive research interests or unpublished material, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code sends paper titles, abstracts, and derived prompts to an external LLM endpoint via requests.post, but there is no visible consent, disclosure, or data-handling notice at this transmission point. In a literature-reporting skill, abstracts and user-defined research topics may include unpublished, proprietary, or sensitive research context, so silent off-box transmission creates a real privacy and compliance risk.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The script performs outbound network requests to external domains as part of installation verification without explicitly warning the user beforehand or requiring opt-in. In a security-sensitive or restricted environment, unexpected external connections can leak metadata such as IP address, timing, environment reachability, or violate network policy.

Ssd 1

Medium
Confidence
93% confidence
Finding
The code interpolates untrusted title and abstract text directly into the prompt, so a crafted paper can include adversarial instructions that manipulate the model's classification output. In this skill, that can cause irrelevant or maliciously selected papers to be marked relevant, undermining the integrity of automated literature triage and downstream reporting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.