Student

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate local study helper, but its note command can write outside the documented notes folder if given path-like subject names.

Review before installing. Use simple subject names without slashes or '..', summarize only files you intend to share with the agent, and periodically review or delete ~/.student/notes/. The main fix to look for is validation that keeps note files inside the documented notes directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill advertises commands that read user-supplied files for summarization, but the manifest does not declare any corresponding permission or capability boundary. This creates a transparency and governance gap: a user or platform may believe the skill is non-file-accessing when it can in fact read local files, increasing the risk of unintended exposure of sensitive data.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The description omits behavior related to a Pomodoro timer and persistent local note storage under ~/.student/notes, even though those features materially affect runtime behavior and data handling. Undisclosed persistence is especially relevant because users may provide academic notes containing personal or sensitive information without realizing it will be stored on disk.

VirusTotal

VirusTotal findings are pending for this skill version.
