RPA Developer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward career-roadmap API that asks for relevant assessment details, with a privacy-disclosure caveat.

Use anonymous or minimal identifiers where possible, and avoid submitting sensitive personal career details unless you are comfortable sending them to the external API provider. Look for the provider's privacy and retention terms before using real profile data at scale.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documentation explicitly collects and transmits session identifiers, timestamps, user IDs, and detailed assessment data, but provides no privacy notice, data minimization guidance, retention policy, or warning about sharing potentially sensitive career/profile information with an external service. This creates a real privacy and security risk because users or downstream agents may send linkable personal or behavioral data to a third-party API without informed consent or handling safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal