Robotics Engineer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward API-backed career roadmap tool, with the main caution that user assessment details may be sent to an external service.

Install only if you are comfortable sending career assessment data to the listed external API provider. Use a null or pseudonymous userId where possible, and avoid including sensitive personal, employer, or contact information beyond what is needed for a roadmap.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documentation encourages collection and transmission of user-linked identifiers such as sessionId and userId together with detailed assessment data, but provides no privacy notice, minimization guidance, retention limits, or handling constraints. While the sample values are illustrative, the API contract normalizes sending potentially identifying and profiling information to an external service, which creates privacy and compliance risk if adopted as-is.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal