Back to skill

Security audit

Error Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a local study error-analysis helper that saves mistake records for review, with no evidence of credential access, networking, automatic execution, or destructive behavior.

Install only if you are comfortable with local records of study questions and answers being kept on disk. Use the documented scripts/error.sh commands for the intended workflow, and review or avoid the auxiliary scripts/script.sh utility if you do not want command history or arbitrary notes saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persists learner-provided question text and both wrong/correct answers to ../data/errors.json without any explicit notice, consent, retention policy, or access controls. Because educational inputs can contain personally sensitive information, saving them silently creates a privacy risk and can expose user data to other local users, backups, or later unintended processing.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The logging helper writes command arguments to a persistent history file, but the help text does not warn users that supplied inputs are retained on disk. In a skill context, users may pass sensitive filenames, search terms, or other private content, which then becomes recoverable from local storage unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The add command persists arbitrary user input directly into a local database file without clearly informing the user. This can unintentionally capture secrets, personal data, or operational details entered during use, increasing privacy and data-handling risk if the local account or files are later accessed by another process or user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.