Back to skill

Security audit

Tech Tutor

Security checks across malware telemetry and agentic risk

Overview

This tutor appears purpose-built, but it automatically stores and reuses learning records across user and project scopes, which deserves review before installation.

Install only if you are comfortable with the agent creating local learning notes and later checking them across sessions and projects. Avoid using it on sensitive codebases unless you can control or review what is saved in .tech-tutor directories, and consider deleting or excluding those directories from version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that the skill automatically creates learning records under both user-level and project-level directories, but it does not prominently warn users that local files will be written or obtain explicit consent for those writes. In a project context, this can unintentionally persist sensitive prompts, codebase details, or learning notes onto disk, including inside repositories where they may later be committed or exposed.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance uses very generic phrases such as asking to learn a technology or understand a project, which can easily overlap with normal user requests. This can cause unintended invocation of the skill, expanding its access to conversation context and triggering behaviors like note-taking or external-source use when the user did not explicitly intend to use this skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that learning records are automatically saved under both the user's home directory and project directories, but it does not present this as a prominent privacy and filesystem-write warning before use. Users may unknowingly allow persistent storage of potentially sensitive project details, learning notes, or repository-specific context, creating privacy, data leakage, and workspace contamination risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to save a learning record automatically after each session, but it does not require explicit informed consent about persistence, contents, retention, or privacy implications. That creates a real privacy risk because users may disclose sensitive educational, project, or codebase information without realizing it will be written to disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Connected learning is enabled by default and instructs the agent to inspect prior session records, including project-level records, without a clear upfront warning or opt-in. This can expose prior user data across contexts and projects, creating unexpected cross-session and cross-project privacy leakage.

Ssd 3

Medium
Confidence
94% confidence
Finding
The record-keeping and review design encourages retention of user insights, questions, project details, and future plans, but does not set clear minimization boundaries or prohibit storing sensitive data. Over time, this can accumulate a rich behavioral and project history that may be reused beyond the user's expectations.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly tells the agent to mine prior records from user-level, project-level, and other projects via a global index and reuse them in new conversations. Even if framed as helpful personalization, this expands the blast radius of any previously stored sensitive information and increases the chance of context-inappropriate disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.