Bar Exam

Security checks across malware telemetry and agentic risk

Overview

This is a coherent bar exam study helper with scoped local progress files and no evidence of hidden execution, network use, credential access, or exfiltration.

Before installing, understand that the skill is designed to keep bar exam study records locally in ~/bar-exam/. Avoid storing sensitive personal details there on shared machines, and periodically review or delete that folder if you no longer want retained study history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly specifies persistent local storage under ~/bar-exam/ for sensitive user study data, but provides no warning, consent flow, or retention/privacy guidance. Even though the data is not highly privileged system data, it can include personal educational history, jurisdiction plans, retake status, and written essays, creating avoidable privacy and confidentiality risks if stored automatically or on shared machines.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal