Back to skill

Security audit

student-mental-support

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese-language student stress and career-support skill with local-only helper scripts and no evidence of hidden access, persistence, or exfiltration.

Install this only where Chinese-language support is appropriate. Treat it as supportive coaching for students, not a replacement for licensed mental-health care, and verify crisis hotlines or counseling resources for the user's region before relying on them. Avoid sharing unnecessary personal details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file gives mental-health and anxiety-management guidance to distressed students but does not clearly state that the content is supportive self-help only, not a substitute for licensed care, and not appropriate for emergencies. In a mental-support skill, users may rely on the advice during worsening symptoms or crisis situations, delaying professional intervention or emergency help.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill content and user-facing outputs are entirely in Chinese with no visible language-selection logic, fallback, or indication that users explicitly opted into Chinese. In a mental-support context, language mismatch can cause users to misunderstand coping guidance or crisis-related recommendations, reducing safety and accessibility for non-Chinese-speaking users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.