Back to skill

Security audit

Expense Tracker

Security checks across malware telemetry and agentic risk

Overview

This expense tracker matches its stated purpose, but it stores sensitive expense data with overly broad file-write behavior that users should review before installing.

Install only if you are comfortable storing expense details in local markdown files and duplicated backups under Documents. Use explicit logging requests, avoid sensitive descriptions, keep date/month inputs in normal YYYY-MM-DD or YYYY-MM format, and review or delete the backup folder if Documents is synced or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read and write files in the workspace, but the skill declares no explicit permissions or safety boundary for those capabilities. That mismatch can cause the agent to perform persistent file operations without clear user awareness or policy enforcement, increasing the risk of unintended data modification.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The auto-backup feature copies expense data to ~/Documents/expenses_backup, which is outside the stated workspace scope and creates an additional persistence location the user may not expect. This broadens the data exposure surface for sensitive financial records and can bypass workspace-based cleanup, review, or access controls.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script silently copies expense data to a second location outside the declared workspace, creating an additional persistence channel for potentially sensitive financial records. This increases data exposure, breaks user expectations about where personal finance data is stored, and can bypass workspace-scoped controls or cleanup procedures.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Writing backup data to ~/Documents/expenses_backup places personal financial information in an unrelated user directory that may be synced, indexed, or shared differently from the workspace. In the context of an expense-tracking skill, this is more dangerous because the data is inherently sensitive and users are likely to expect storage to remain confined to the finance workspace.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is broad enough that ordinary conversation about spending could trigger persistent logging behavior. In context, this is risky because the skill performs file writes, so an ambiguous activation rule can cause unintended retention of personal financial information.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The workflow trigger 'When the user mentions spending money' is an overly permissive instruction for a state-changing skill. Because the skill writes structured financial records, casual mentions of purchases could be persisted without the user's clear request, creating privacy and integrity issues in the expense log.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Creating an undisclosed backup copy in Documents duplicates sensitive expense records without explicit notice at the point of operation. This is dangerous because users may delete or protect the workspace copy while remaining unaware that a second copy persists elsewhere, increasing confidentiality and retention risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.