Machine Learning Roadmap

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local content-logging tool packaged as an ML roadmap skill, so users may not expect their inputs to be stored and searchable.

Review before installing. Treat this as a local content logger, not a machine-learning roadmap planner. Avoid entering secrets, private notes, customer data, or proprietary drafts unless you are comfortable with them remaining in ~/.local/share/machine-learning-roadmap and being searchable/exportable until manually deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (12)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill’s manifest and name present it as an ML study-roadmap tool, but the documented behavior is a general-purpose content/logging utility with persistent local storage, export, and search features. This mismatch is dangerous because users and orchestrators may invoke it under false assumptions, causing unintended collection and retention of arbitrary user content and enabling broader-than-expected data handling.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises a roadmap/planning skill, while the documentation describes a local content-management and logging toolkit. Security controls and user consent depend on truthful capability descriptions; misleading documentation can bypass scrutiny and lead users to submit sensitive content that is then stored and exported unexpectedly.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The title and heading imply educational roadmap functionality, but the body documents a versioned content toolkit for drafting, editing, optimizing, and managing content. This deceptive framing increases the chance of inappropriate activation and misuse, especially in agent environments that route by name and description.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Features like CTA generation, hashtag management, hooks, headlines, scheduling, and tone rewriting are outside the declared purpose of planning ML study paths and discovering resources. Unjustified expansion of capability broadens the data processed and the contexts in which the skill might be invoked, increasing privacy and misuse risk.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script's advertised and implemented behavior is a generic content-writing/logging toolkit, not an ML roadmap planner as declared in the skill metadata. This mismatch is dangerous because users may trust the skill with study-planning data while it silently performs unrelated collection and storage of freeform inputs, expanding the data handling surface beyond expected scope.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script creates a persistent data directory and records user inputs to log files, then exposes those records through later commands. In the context of a study-planning skill, this is out-of-scope retention that can capture sensitive learning notes, goals, or other pasted content without clear user expectation or consent.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Capabilities like hashtags, hooks, CTA, headline, tone, rewrite, and translate are unrelated to an ML roadmap skill and indicate the script serves a different purpose than claimed. This broad, unjustified functionality increases the risk of deceptive packaging and unauthorized processing of user content under a misleading trust boundary.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header explicitly labels the script as a content tool, directly contradicting the machine-learning roadmap identity in the metadata. While not directly enabling code execution, this inconsistency is a strong indicator of repackaging or deceptive distribution that can mislead users about what the skill does and what data it handles.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill stores arbitrary user inputs in persistent local log files, but the top-level description does not clearly warn users about this retention. That omission is dangerous because users may enter sensitive notes, drafts, or translated text believing the interaction is transient, leading to unanticipated data exposure on the host system.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
At this point in the script, user-provided input is written to persistent local logs without any upfront disclosure that entries will be stored and retained. This is dangerous because users may paste sensitive personal, educational, or proprietary content assuming ephemeral processing, but the script preserves it for later retrieval.

Ssd 3

Medium
Confidence
98% confidence
Finding
The design persistently records user inputs and later reveals them via search, recent, status, and export features, creating a broad local disclosure surface. In an ostensibly educational roadmap skill, this makes the context more dangerous because users are less likely to expect surveillance-style retention and replay of everything they enter.

Session Persistence

Medium
Category
Rogue Agent
Content
# Draft a new ML blog post idea
machine-learning-roadmap draft "Introduction to Neural Networks: A Beginner's Guide"

# Create an outline for a tutorial
machine-learning-roadmap outline "1. What is ML? 2. Supervised vs Unsupervised 3. Tools 4. Practice Projects"

# Record a headline variation
Confidence
88% confidence
Finding
# Create an outline for a tutorial
machine-learning-roadmap outline "1. What is ML? 2. Supervised vs Unsupervised 3. Tools 4. Practice Projects"

# Record a headline variation
machine-learning-roadmap h

VirusTotal

VirusTotal findings are pending for this skill version.