阅读清单

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only reading-list helper that stores reading-list data locally, with no executable code or hidden behavior found.

Before installing, remember that URLs, titles, notes, progress, and reading habits may persist locally. Avoid storing sensitive research topics unless that local file location is acceptable, and preview delete, share, or export actions before confirming them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill explicitly states that the reading list is stored persistently in a local file under the user's home directory, but it does not warn users that URLs, titles, notes, or reading habits may be retained across sessions. This can expose personal interests or sensitive research topics to other local users, backups, or later processes that access the workspace.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal