Data Viz Specialist

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal career-roadmap API skill, with a privacy note around sending career assessment data and optional identifiers.

Install only if you are comfortable sending career history, skills, goals, session identifiers, and timestamps to this service. Treat the example IDs as placeholders, omit userId unless your account flow requires it, and do not include credentials, financial data, or unrelated private information in assessment fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The API accepts session-linked assessment data and optional user identifiers, yet the specification provides no privacy, retention, consent, or handling guidance. In a career-roadmap context, this can lead to unnecessary collection or downstream exposure of behavioral/profile data, especially when clients or integrators assume such fields are safe to transmit without constraints.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal