Back to skill

Security audit

ee-ai-toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent electrical-engineering education toolkit with local example scripts; one prompt-logging demo writes user-entered prompts to a local file, so users should avoid entering secrets there.

Install is reasonable for educational electrical-engineering and prompt-engineering use. Before running bundled scripts, review what each one reads or writes, run them in a working directory you are comfortable modifying, and do not enter credentials, proprietary prompts, resumes, or other sensitive text into the prompt-logging examples unless you are comfortable with local retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script takes arbitrary user-entered prompts and silently persists them to a local file, which can expose sensitive or proprietary information if users paste credentials, internal data, or personal content. The risk is increased because the behavior is not clearly disclosed before collection, so users may reasonably assume the input is ephemeral.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.