Security audit

Math Worksheets

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a worksheet generator with some privacy-sensitive optional sharing features, not malware or a deceptive package.

Install only if you want a skill that can create, compile, verify, and optionally distribute math worksheets. Keep use local unless you intentionally choose a sharing channel, redact student names or school details from photos and PDFs, and review any generated worksheet before sending or printing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill performs network-capable behavior by fetching hosted model rankings from GitHub and auto-downloading TeX packages via Tectonic, yet no permissions are declared. Undeclared network access is dangerous because it expands the trust boundary silently, enables remote content influence over model selection and build behavior, and prevents users or the platform from making an informed allow/deny decision.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented behavior exceeds the stated worksheet-generation purpose by inspecting local model configuration, classifying installed models, and incorporating external ranking data into execution decisions. This mismatch is security-relevant because users invoking an education skill would not reasonably expect local environment discovery or network-informed model routing, which can expose system metadata and conceal materially different behavior than advertised.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill includes outbound delivery over Telegram, SMS/iMessage, email, and optional printing even though its primary purpose is worksheet generation. That broadens the action surface from local document creation to external distribution of files that may contain student names, grade level, and learning data, creating privacy and unintended exfiltration risk if invoked without clear consent and permission boundaries.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README explicitly encourages use of a 'homework photo as a guide' but provides no privacy notice, data-minimization guidance, or warning that images may contain personal information such as student names, school details, or handwritten identifiers. In a K-12 context, this omission is more sensitive because it can lead users to share children's educational records or other personal data without informed consent or handling expectations.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill omits a clear warning that generated PDFs and student-related metadata may be transmitted through external messaging or email channels. In an educational context involving minors, this omission increases privacy risk because users may not realize personally identifying or sensitive academic information is leaving the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.