IOT Developer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent IoT career-roadmap API skill, with a privacy caution around sending assessment details and identifiers to the service.

Install only if you are comfortable sending IoT experience, skills, goals, timestamps, and possibly a user identifier to an external service. Prefer pseudonymous session IDs, omit or null the optional userId when possible, and avoid including sensitive employer, project, account, or personal details unless needed for the roadmap.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents sending persistent identifiers and detailed assessment/profile data to an external API without any privacy notice, minimization guidance, or consent language. Even though the values are examples, this normalizes transmitting personal profiling data and can lead integrators to collect and forward unnecessary user data, increasing privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal