Back to skill

Security audit

Quantum Tech

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward career-roadmap API that asks for relevant profile inputs but does not install code or request local system access.

Install only if you are comfortable sending career background, skills, goals, timestamps, session identifiers, and optional user ID to the external roadmap API. Avoid including sensitive personal details that are not needed for career guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly collects potentially sensitive personal assessment data, including user IDs, session IDs, timestamps, skills, experience, and career goals, but provides no privacy notice, data handling description, retention policy, or consent guidance. While this is not an exploit by itself, it creates a real privacy and compliance risk because users may disclose personal profiling data without understanding where it is sent, stored, or shared.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.