VAPT Intern

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward VAPT career-roadmap API that uses disclosed assessment details to generate learning plans.

Before installing, be comfortable sharing career goals, skill levels, experience details, session identifiers, timestamps, and optional user IDs with the provider. Avoid entering employer-confidential, client, target-system, or real engagement details unless you have confirmed the provider's privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly collects session identifiers, timestamps, and optional user IDs, but the documentation provides no privacy notice, retention policy, minimization guidance, or handling constraints. Even though these fields are common operational metadata, they can still enable user correlation, tracking, and unintended disclosure when sent to a third-party API, especially in a career-assessment context tied to personal skill profiles.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal