NEET

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only NEET study assistant whose local progress files are disclosed and aligned with its purpose, though users should treat those files as private.

Install only if you are comfortable with the assistant keeping NEET preparation records on your machine. Review ~/neet/ and ~/neet-tutor/ periodically, avoid storing unnecessary personal or category details, get consent before tracking other students, and delete those folders when the records are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to persist user study data under `~/neet/`, including profile details, category, state domicile, exam performance, and feedback, but provides no user-facing notice, consent flow, or retention/deletion guidance. This creates a privacy and transparency issue because sensitive educational and personal data may be written to local storage unexpectedly and retained indefinitely.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal