Study Plan

Security checks across malware telemetry and agentic risk

Overview

This study planner keeps local study/task data and command history on disk, but it does not show network access, credential use, privilege escalation, or destructive behavior.

Reasonable to install for local study planning. Avoid entering highly sensitive personal details unless you are comfortable with them being stored in local data and history files, and do not rely on the clear command as proof that saved entries were deleted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The script stores task data persistently in a local file under a predictable directory without clearly warning users that entered content will be retained. In a productivity tool, users may enter sensitive notes, deadlines, or personal information, so silent persistence can create privacy exposure on shared systems or in environments where local data retention is unexpected.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The _log function silently appends command activity and user-supplied arguments to a history file, which can capture sensitive task names or reminders without the user's awareness. In the context of a task-management skill, this increases privacy risk because seemingly routine commands may record personal plans, work items, or other confidential text to disk indefinitely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal