Supply Chain Mgmt

Security checks across malware telemetry and agentic risk

Overview

This is a simple API documentation skill for generating supply-chain career roadmaps, with visible but privacy-relevant assessment and identifier fields.

Before installing or using it, confirm the provider’s privacy practices and avoid sending sensitive employer details, personal identifiers, or stable user IDs unless that personalization is necessary and you trust the endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill documents collection and transmission of assessment data, session IDs, timestamps, role history, and optional user identifiers, but provides no privacy notice, retention limits, consent guidance, or handling constraints. In a career-assessment context this data can be sensitive profiling information, and the absence of data-handling safeguards increases the risk of unnecessary exposure, tracking, and misuse by integrators or the upstream API.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal