TOEFL

Security checks across malware telemetry and agentic risk

Overview

This TOEFL study helper is instruction-only and purpose-aligned, with the main caution that it keeps local study and planning records.

Install only if you are comfortable with the agent creating local TOEFL records. Avoid storing unnecessary personal or student identifiers, review and delete ~/toefl/ or ~/toefl-tutor/ when no longer needed, and confirm school, ETS, and immigration requirements with official sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs persistent storage of detailed user study data under `~/toefl/` without any explicit notice, consent flow, retention policy, or guidance on handling sensitive personal information. Even though the domain is educational, these files can contain exam history, target schools, deadlines, and potentially immigration-related planning data, creating privacy and unintended local data exposure risks on shared or insecure systems.

VirusTotal

62/62 vendors flagged this skill as clean.
