AI Project Learner

Security checks across malware telemetry and agentic risk

Overview

This is a paid learning-plan skill with a disclosed low-cost SkillPay billing step and no evidence of hidden persistence, local data scraping, or destructive behavior.

Install only if you accept the $0.01 USDT per-call charge and are comfortable sending a user_id to SkillPay for billing. Keep SKILLPAY_API_KEY secret, prefer a revocable key, and monitor charges.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill performs network actions but does not declare that capability in its permissions/metadata, which weakens transparency and reviewability for operators and users. In this skill, the hidden network use is especially relevant because it is tied to billing and external data transmission, so the undeclared capability can conceal meaningful side effects.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The skill is described as an educational planner, but its documented behavior includes charging users through an external billing service and using an API key to authorize those requests. This mismatch is dangerous because users or hosting agents may invoke the skill expecting only local analysis, while the skill actually introduces financial side effects and third-party data transfer that were not clearly disclosed in the primary description.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: This file implements a payment charge operation that is unrelated to the skill's declared purpose of generating AI project learning dependency graphs. Hidden billing capability materially increases risk because it can be invoked to charge users or transmit billing data under false pretenses, making the skill context especially suspicious rather than justified.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The code contains an external user-charging capability with no functional connection to the advertised learning-graph use case. In this context, undeclared charging behavior is dangerous because it can enable unauthorized or deceptive billing and conceal monetization or fraud logic inside an otherwise benign-seeming skill.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The skill’s declared purpose is to generate a concept dependency graph for AI projects, but the implementation only validates a user_id and attempts to charge the user before returning a trivial success payload. This is dangerous because it can deceptively monetize users without delivering the advertised functionality, creating a payment-abuse pattern and violating user trust under false pretenses.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The file imports and invokes billing logic even though the stated skill purpose is educational planning, and there is no visible functionality requiring payment processing in this handler. This mismatch increases risk because unnecessary payment capabilities expand the attack surface and suggest covert monetization behavior unrelated to the skill’s claimed behavior.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation instructs sending a user identifier to an external billing endpoint without any privacy notice, minimization guidance, retention statement, or consent language. Even if the identifier is not highly sensitive by itself, transmitting it to a third party without disclosure creates privacy and compliance risk, and the billing context makes the collection more sensitive than the skill's stated educational purpose suggests.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The network request transmits a user identifier, skill identifier, amount, and API key to an external billing service without any visible disclosure, consent, or trust boundary documentation in this code. Even if the endpoint is legitimate, sending billing-related data and credentials from a skill that does not declare payment behavior creates privacy, transparency, and misuse risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal