Back to skill

Security audit

QuizMe

Security checks across malware telemetry and agentic risk

Overview

QuizMe appears to be a normal local quiz skill that saves progress under its own folder, with caveats around broad trigger phrases and an unused helper script that can call OpenAI if manually run.

Install if you are comfortable with quiz topics, progress, and generated question banks being stored locally in ~/quizme. Prefer explicit activation like /quizme or "quiz me on Python" to avoid accidental starts, and do not manually run scripts/generate_bank.py unless you intentionally want to use an OpenAI API key for external question generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs persistent filesystem writes to ~/quizme and bank files, but no declared permissions are present. That creates a trust and containment problem: users and the platform may not realize the skill stores and mutates local data, which can lead to unauthorized persistence, privacy surprises, or policy bypass if the runtime relies on declared permissions for enforcement.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad trigger phrases like 'teach me X' and 'I want to learn X' are common conversational language and can activate the skill unintentionally. In this skill, accidental activation is more concerning because activation can lead to persistent local writes and state changes without the user explicitly invoking /quizme.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill persistently writes topics, progress, and question banks and also deletes bank files during graduation, but the user is not clearly warned about these side effects before they occur. Silent persistence and deletion can expose user interests, create unwanted residual data, and erode trust, especially when triggered from broad natural-language phrases.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.