Cca
Security checks across malware telemetry and agentic risk
Overview
This looks like a CCA study guide, but it requests local file-reading and shell-command permissions that the study-navigation content does not need.
Review before installing. The educational content appears benign, but the skill grants shell-command and local file-read access that is unnecessary for a CCA study navigator. Prefer a version with those permissions removed unless you trust the publisher and understand why they are enabled.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.