Security audit

Tutor Buddy Pro

Security checks across malware telemetry and agentic risk

Overview

This tutoring skill is not clearly malicious, but it stores sensitive student data and includes dashboard sync plans that conflict with its local-only privacy claims.

Review before installing, especially for children or classroom use. Use it only if you are comfortable with local storage of learner profiles, quiz results, session logs, and study plans; do not enable or build the dashboard sync until consent, destination, authentication, retention, and deletion controls are explicit.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Missing User Warnings

Medium
Confidence: 91%
Finding:
The README markets photo capture, progress tracking, and use by children while providing only broad security assurances and no concrete warning about handling student images, educational records, or minors' data. This can mislead deployers into enabling collection or retention of sensitive learner data without clear consent, storage, deletion, or parental-control requirements, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 85%
Finding:
The prompt instructs an AI agent to create directories, copy files, and recursively change permissions on a resolved skill directory without a clear user-facing warning or confirmation boundary. In an agent setting, operational instructions that modify the local filesystem can be risky because users may paste and run them without understanding the scope, and variables like SKILL_DIR could be wrong or attacker-influenced, leading to unintended file changes.

Vague Triggers

Medium
Confidence: 88%
Finding:
The suggested invocation phrase, such as 'Help me with my math homework,' is broad natural language that can overlap with ordinary conversation. In agent ecosystems where skills may trigger from loose phrase matching, this increases the chance of unintentional activation, causing the skill to run in contexts where the user did not intend it and potentially exposing or modifying study-related local data.

Vague Triggers

Medium
Confidence: 93%
Finding:
The usage trigger is extremely broad, activating on anything related to learning, tutoring, homework help, study plans, quizzes, or progress. This can cause the skill to engage in unintended contexts and begin processing sensitive student-related content without clear user intent, increasing privacy and safety risk.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill persistently stores learner profiles, quiz history, progress, and study plans, including data likely associated with minors, but does not require explicit user notice or consent before collection and retention. This creates a meaningful privacy risk, especially if users do not realize their educational interactions are being logged across sessions.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The spec explicitly describes transmitting locally stored student progress data from JSON files to a web dashboard via /api/sync, but it provides no privacy notice, consent flow, transport/security requirements, or data minimization guidance. Because the dataset includes student learning history, quiz performance, study habits, and potentially OCR-derived problem text and image references, silent or poorly disclosed sync behavior can expose sensitive educational data to unauthorized access or unintended sharing.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code: suspicious.prompt_injection_instructions
Location: SKILL.md:28