Security audit

Cloud Support

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent external API tool for generating cloud-career roadmaps, but users should know their assessment details are sent to the provider.

Install only if you are comfortable sending career assessment details to the provider’s external API. Prefer anonymous or null user IDs, avoid cloud credentials, employer-confidential information, or account details, and check the provider’s privacy practices if the data is sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly collects and transmits user assessment data including session identifiers, user IDs, timestamps, experience details, skills, and career goals, but provides no privacy notice, retention policy, consent guidance, or data-handling constraints. While the data is not highly sensitive in the classic credential/financial sense, it is still personal and profiling-related information that could expose user identity, employment background, and career intentions if mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.