Frontend Developer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward frontend career-roadmap API skill; it shares user-provided assessment details with an external service, but the data flow is visible and aligned with the stated purpose.

Safe to install for normal use, but treat roadmap requests as sending career profile information to a third-party API. Prefer anonymous or pseudonymous IDs and avoid including sensitive employer, account, or personal details unless you are comfortable sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents collection of session identifiers, user IDs, timestamps, experience history, skills, and career goals without any privacy notice, retention limits, consent guidance, or data-handling constraints. In a career-guidance context this data can be personal or linkable to an identifiable user, and normalizing its collection without safeguards increases privacy, compliance, and misuse risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal