CyberSec Roadmap V2

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented external API for generating cybersecurity learning roadmaps, with manageable privacy considerations around the learner details and identifiers it asks users to send.

Before installing, treat anything sent to the roadmap endpoint as shared with a third-party API operator. Use pseudonymous session IDs, avoid sensitive employer or personal details in assessment fields, and confirm the service's privacy and retention practices before using it for organizational training data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The sample request explicitly includes sessionId, userId, and timestamp fields, which are user/session tracking identifiers, but the skill provides no privacy notice, retention guidance, or data-handling constraints. In a skill that profiles users' experience, goals, and learning preferences, this omission can lead operators to transmit identifiable behavioral data to a third-party API without informed consent or minimization.

External Transmission

Medium

Category: Data Exfiltration
Content: ## References - **Kong Route:** https://api.mkkpro.com/career/cybersec-roadmap-v2 - **API Docs:** https://api.mkkpro.com:8109/docs
Confidence: 81% confidence
Finding: https://api.mkkpro.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal