tutor-for-all

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward tutoring skill that keeps study plans and progress in local Markdown files, with no executable code or hidden behavior found.

Install if you want an agent to maintain a local study profile, curriculum, schedule, progress log, and session notes. Treat those Markdown files as personal records: review them periodically and avoid adding sensitive information you would not want another local tool or agent with filesystem access to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill persistently reads and writes multiple local Markdown files containing user study profiles, goals, schedules, and notes, but it does not tell the user that their personal learning data will be stored locally or how it will be retained. This creates a real privacy risk because sensitive personal information can accumulate over time and be exposed to other agents, users, or tools with filesystem access.

VirusTotal

65/65 vendors flagged this skill as clean.
