Security audit

Dev Mentor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent developer-learning skill, with a disclosed local project-state file that users should treat as potentially sensitive.

Install only if you are comfortable with the skill writing a local dev-mentor-projects.json file in your project directory. Do not let it store passwords, tokens, private keys, or detailed server access information there, and delete the file when you no longer want cross-session project memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill explicitly instructs creation of a persistent `dev-mentor-projects.json` file in the working directory to retain cross-session state, including project details, issues, todos, and server information. For a conversational learning companion, this is more data retention than is strictly necessary and creates privacy and data-handling risk, especially if the working directory is shared, synced, or later exposed.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger list includes broad phrases such as '学开发', '教我做项目', and 'coding mentor', which can match ordinary conversation and cause unintended invocation. Accidental activation can route users into this skill unexpectedly, increasing the chance of inappropriate file operations, persistence behavior, or scope confusion.

Ssd 3

Medium
Confidence: 95%
Finding
The project state design persists user-provided project metadata and potentially sensitive operational context such as `serverInfo`, issues, and todos across sessions in a local JSON file. In the context of a development mentor skill, this increases exposure of potentially sensitive infrastructure or project details without clear necessity, consent, access controls, or redaction.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.