Backend Developer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward external career-roadmap API wrapper, but users should avoid sending sensitive career details unless they trust the provider.

Install only if you are comfortable sending career history, skills, goals, session identifiers, and optional user IDs to the provider's external API. Prefer pseudonymous session values and avoid including sensitive employer, compensation, or private project details unless the provider supplies acceptable privacy and retention terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly collects identifiable and profile-related data such as sessionId, userId, timestamps, work history, current skills, and career goals, but provides no privacy notice, retention policy, consent language, or description of how this data is handled. In a career-planning context, this can expose personal and professional profiling data to unintended processing or sharing, especially when paired with external API endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal