Studying

Security checks across malware telemetry and agentic risk

Overview

This study skill stores study preferences locally as part of its stated purpose and shows no code execution, network transfer, credential use, or hidden behavior.

Before installing, know that the skill is designed to create and update a local study-preferences file at ~/studying/memory.md. Review or delete that file if it becomes too personal or inaccurate, and avoid storing sensitive grades, school records, medical details, or other private information unless you intentionally want them in local memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly persists user study-behavior data in `~/studying/memory.md` and instructs the agent to create and update that file, but it provides no user-facing notice, consent flow, retention policy, or visibility into what will be stored. Even though the data is not highly sensitive by default, study habits, exam patterns, and learning preferences are personal behavioral data and silent persistence increases privacy risk and the chance of unexpected data exposure on a shared or compromised system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal