OT Security Career

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed career-roadmap API, but users should be careful about the personal career details and identifiers they send to the external service.

Install only if you are comfortable sending career-profile information to this third-party API. Use the minimum useful detail, prefer pseudonymous session or user identifiers, and avoid employer secrets, facility names, operational diagrams, incident details, credentials, or other sensitive OT/security information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly collects and transmits user assessment data together with session identifiers, timestamps, and optional user IDs, but provides no privacy notice, retention policy, consent guidance, or data-handling constraints. Even though the data is career-oriented rather than overtly secret, it still contains personal and profiling information that could be misused, correlated across sessions, or exposed to third-party infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal