Exam

Security checks across malware telemetry and agentic risk

Overview

This is a study-assistant skill with local progress storage and optional reminders, with no evidence of hidden code, credential access, network transfer, or malicious behavior.

Reasonable to install for normal study use. Be aware that generated questions, answers, flashcards, and performance history may be saved under ~/exams/. If you ask for reminders, have the agent show the exact cron entry before enabling it and remove it when the exam is over, especially on shared machines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill explicitly documents persistent storage of study history, performance data, and flashcards under a local directory, but does not warn the user that their educational content and activity will be retained on disk. This can expose potentially sensitive material such as proprietary notes, exam prep content, or performance records to other local users, backups, or later unintended reuse.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill advertises reminders implemented via cron without warning that it may create or modify scheduled system tasks. Silent cron modification can surprise users, create persistence on the host, and in shared or managed environments may violate user expectations or local policy even if the feature is intended for convenience.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal