Edge Computing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent career-roadmap API skill, but it sends career assessment details and tracking metadata to an external service.

Install only if you are comfortable sending career assessment details, goals, session IDs, timestamps, and any optional user ID to the external API provider. Avoid unnecessary personal details and use pseudonymous identifiers where possible unless you have checked the provider's privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly describes collecting and transmitting assessment details together with persistent tracking identifiers such as sessionId, userId, and timestamps, but provides no privacy notice, retention limits, minimization guidance, or warning about sending personal/career profiling data to a third-party API. In a career-development context, this can expose sensitive professional profiling information and enable cross-session tracking or linkage of user behavior without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal