Torah Scholar

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Sefaria-based Jewish text research helper, with only a minor privacy transparency note about external API queries.

Install if you are comfortable with Torah research searches, text references, and dvar Torah themes being sent to Sefaria over the network. Avoid entering confidential personal notes or sensitive identifiers unless you accept that exposure to the external API.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The README states the skill is powered by the Sefaria API and requires an internet connection, but it does not clearly warn users that their queries and requested references are transmitted to an external third-party service. This is a real transparency and privacy issue because users may enter sensitive research topics, notes, or identifiers assuming the skill operates locally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal