Back to skill

Security audit

IELTS Tutor

Security checks across malware telemetry and agentic risk

Overview

The tutoring instructions are mostly coherent, but the skill declares wallet access that does not fit IELTS tutoring.

Review the permission prompt carefully before installing. The tutoring content itself is instruction-only and coherent, but do not grant wallet access for this skill unless the publisher provides a clear reason. Also expect learner notes, errors, and progress summaries to be saved in memory files across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill’s stated purpose is IELTS tutoring, but it also instructs the agent to persistently update memory files after each session. That creates a hidden stateful side effect unrelated to the immediate user-visible tutoring task, which can retain personal learning history and mistakes without clear consent or boundaries.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Persistent modification of MEMORY.md and dated logs gives the skill a capability beyond what is necessary to provide tutoring responses in-session. This expands the attack surface by enabling silent accumulation of user data and unintended cross-session influence, especially if later prompts or tools consume those files.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to activate on general English-help or correction requests, which can cause the skill to run when the user did not specifically ask for IELTS-mode tutoring. Over-broad invocation increases the chance of unexpected behavior, including unintended memory writes or rigid formatting constraints being applied in normal conversations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs persistent updates after each session but does not require any user-facing disclosure or consent for those writes. Silent persistence is dangerous because users may reveal essays, mistakes, goals, or other sensitive educational data without realizing it is being stored across sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.