Robotics Programmer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed robotics career-roadmap API skill with normal personalization data collection and no hidden execution or local system access.

Reasonable to install for roadmap guidance. Before using it, verify the provider if that matters to you, and do not submit secrets, confidential company information, proprietary project details, or unnecessary personal identifiers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly collects assessment details, session identifiers, timestamps, and an optional user ID, but provides no disclosure about retention, sharing, minimization, or protection of that data. While the data is not highly sensitive on its face, it can still be used for profiling, tracking, and correlating user activity across sessions, which creates a real privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The schema explicitly collects session-linked data and an optional userId, but the spec provides no indication of minimization, consent, retention, or transport/privacy handling. In an agent context, this can lead to silent transmission of identifiable or correlatable user data to the service, increasing privacy and tracking risk even if the API is otherwise functioning as intended.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal