Security audit

Vibe Coding Learning

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a learning-notes assistant, but it can automatically scan project content, read prior conversation/note data, write many note files, and run a local script without a clear confirmation step.

Install only if you want an agent to manage a local learning-notes knowledge base. Before using Auto mode, confirm which files it will read and which learning-notes files it will create or update. Do not let it run project-local scripts such as `scripts/analyze-session.py` unless you trust that repository, and use prompt-history analysis only for conversations you are comfortable having summarized into learning artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill adds a prompt-analysis mode that inspects recent conversation history and scores user prompting behavior, which materially expands data access and functionality beyond the declared purpose of summarizing learning from coding sessions. This increases privacy and overreach risk because users invoking a learning-notes skill may not expect broad analysis of prior chats or storage of prompt-optimization artifacts.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The inbox triage, knowledge-linking, weekly synthesis, and health-diagnosis modes significantly broaden the skill from note generation into repository-wide lifecycle management and behavioral monitoring. That mismatch raises least-privilege concerns because the skill may scan, classify, and modify large portions of `learning-notes/` without users realizing these side effects from the advertised scope.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list includes broad everyday phrases such as review, summarize, explain code, and progress-check language, including common Chinese phrases, which can match many normal conversations. Overbroad activation can unintentionally invoke repository scanning and file-writing behavior in contexts where the user did not actually intend to run this skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill declares outputs that create or update multiple note artifacts, but it does not prominently require a user-facing warning or confirmation before modifying files. In practice, a user asking for a summary may unknowingly trigger writes to calendars, progress trackers, indexes, and cards, which is a meaningful integrity and surprise-action risk.

VirusTotal

VirusTotal findings are pending for this skill version.