自学教练

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed education helper for turning course materials and exam questions into local HTML study pages, with no evidence of hidden execution or data exfiltration.

Install if you want an education-focused helper for generating local study and quiz HTML files. Teachers should still review generated pages before sharing them, avoid putting private student data into shared files, and be aware that quiz progress saved in localStorage stays in the student’s browser unless they export it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description includes broad everyday phrases such as making materials into webpages or generating practice tools, which can overlap with ordinary user requests outside the intended education context. This can cause unintended activation of the skill, leading to irrelevant behavior, accidental disclosure of uploaded study materials into generated outputs, or routing users into a tool they did not mean to invoke.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal