code-mentor

Security checks across malware telemetry and agentic risk

Overview

This programming tutor skill is instruction-only and purpose-aligned, but it may save local learning progress notes during use.

Install this only if you are comfortable with local progress notes being saved during tutoring sessions. Avoid sharing secrets, credentials, private code, or sensitive project details unless you are comfortable with them appearing in the learning log; ask the agent to skip, show, or delete saved progress when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill mandates persistent modification of `references/user-progress/learning_log.md` after each session, but this behavior is not disclosed in the top-level skill description or surfaced as an explicit consent step. That creates an integrity and privacy risk because ordinary tutoring interactions can silently result in durable storage of user-provided content and future sessions may act on that retained data.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill description is very broad and overlaps with many normal requests about learning, debugging, projects, and best practices. Over-broad activation scope increases the chance the skill is invoked in contexts the user did not intend, which becomes more dangerous here because the skill also contains hidden persistence behavior and optional script/tool usage.

Vague Triggers

Medium
Confidence: 90%
Finding
The quick-command phrases include generic prompts like 'Help me debug this' and 'How can I improve this?' without requiring code or programming context. Ambiguous triggers raise the likelihood of accidental invocation, and in combination with the mandatory learning-log instructions can lead to unintended collection and persistence of user interaction details.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill directs persistent storage of learning history, goals, problems solved, and session notes without any user-facing privacy notice or opt-in. This is dangerous because users may share sensitive code, project details, or personal learning goals in what appears to be a normal tutoring session, not realizing the information will be retained across sessions.

Ssd 3

Medium
Confidence: 99%
Finding
The mandatory per-session learning log requires recording user-provided topics, solved problems, goals, challenges, and notes into a persistent file. This creates a clear data-retention vulnerability because it systematically stores potentially sensitive user content beyond the immediate session, increasing privacy exposure and the blast radius of later compromise or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
