Flashcard

Security checks across malware telemetry and agentic risk

Overview

This is a flashcard study skill that keeps study notes locally, with no evidence of exfiltration, destructive behavior, or hidden privileged actions.

Install if you are comfortable with flashcard notes and command history being saved locally, typically under the user data directory unless FLASHCARD_DIR or XDG_DATA_HOME changes it. Avoid storing passwords, secrets, or highly sensitive personal material in study notes unless you have checked and can manage the local files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The note command writes arbitrary user-provided content to a persistent local file without any explicit warning, which can surprise users into storing sensitive study notes, credentials, or personal data on disk. In this script the storage is local and not transmitted elsewhere, so the risk is limited, but undisclosed persistence still creates a real privacy issue.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal