A multi-stage, collaborative intelligent interview system that simulates real interview scenarios and evaluates users through technical interviews.

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent interview-practice skill, with disclosed local profile storage and purpose-related question fetching from GitHub/web sources.

Before installing, understand that this skill may keep a local interview profile with your name or anonymous label, technical tags, scores, and feedback. Use anonymous mode if you do not want to provide a name, and review the underlying profile-storage tool if retention matters. Also be aware that question material may be pulled from a public GitHub repository and web-backed question sources, so use it in a sandboxed or low-sensitivity environment if you need tighter control over external content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill specifies behaviors that require network access (GitHub/web question fetching) and likely code-like execution capabilities, yet no permissions are declared. This creates a transparency and governance gap: operators and users cannot accurately assess what external access the skill may perform, increasing the risk of unintended data exposure or tool misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is presented as an interview assistant, but it also depends on pulling remote content from GitHub and using web fetch for question generation. This mismatch is dangerous because it obscures the true trust boundary: unreviewed external content can influence prompts, outputs, and possibly downstream tool behavior, creating prompt-injection, integrity, and privacy risks.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The privacy section claims local storage, but the skill also fetches content from external network sources during operation. Even if profile data is intended to remain local, the documentation can mislead users about data flow, and there is a risk that profile tags, prompts, or contextual interview data could be sent to external services as part of question retrieval or matching workflows.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The skill silently pulls content from an external GitHub repository at runtime, but that network dependency is not disclosed in the skill description. This is dangerous because users may believe content is local and trusted, while the actual interview material can change remotely and may include malicious or unsafe prompt content that later influences downstream model behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata promises an anonymous mode, but this code contains no anonymization, identity stripping, or privacy controls for interview answers or profile data. Users may disclose sensitive resume or employment information believing anonymity is enforced when it is not, creating a privacy and trust failure.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The interview assistant introduces subprocess-based execution of another script to retrieve content, which exceeds the minimal capability required for scoring and orchestration. In agent environments, extra execution primitives increase the blast radius of supply-chain compromise, local file tampering, or future prompt-to-tool misuse even if this file does not show direct command injection.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill persists user profiles and updates interview feedback, but the startup flow does not clearly warn users that their data will be stored and modified. This undermines informed consent and can lead to unauthorized retention of personal or employment-related data, especially because the skill collects names, technical profiles, and performance history.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The code performs outbound network retrieval without any runtime disclosure to the user about the remote source being contacted. While not a direct code-execution flaw, it is a real transparency and trust issue because the skill consumes third-party content in a context where users may assume deterministic, local interview material.

VirusTotal

66/66 vendors flagged this skill as clean.
