Embedded Systems

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused external API wrapper for generating embedded-systems career roadmaps, with no local code execution or privileged access.

Install only if you are comfortable sending career background, skills, goals, and tracking identifiers to the external API provider. Avoid optional identifiers such as userId unless needed, and check the provider's privacy practices before submitting sensitive employment history or personal goals.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill presents itself as a focused embedded-systems career roadmap service, but the About and References sections point to a broader security-API platform and unrelated infrastructure. This mismatch undermines trust, obscures the true service boundary, and increases the risk that user data is being sent to an unexpected third-party ecosystem or repurposed beyond the stated function.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The usage example shows transmission of potentially sensitive profile and assessment data, including career history, skills, goals, timestamps, and session identifiers, without any privacy notice, retention policy, or handling constraints. Users may disclose personal or behavioral data without informed consent, and operators or intermediaries could store, correlate, or misuse that information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal