Back to skill

Security audit

Watch My Money

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent local finance analyzer, but its generated financial report loads Google Fonts despite promising no network calls.

Review before installing if you need strict local-only privacy. The main issue is the report template’s external Google Fonts request despite the no-network claim. Also be comfortable with transaction reports being saved under ~/.watch_my_money/ until deleted or reset, and do not rely on the privacy blur as redaction for sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The template imports Google Fonts from an external origin, which causes a network request when a locally generated financial report is opened. In the context of a banking/transaction analysis skill, that leaks metadata such as IP address, user agent, timing, and potentially report access patterns to a third party without necessity.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains broad natural-language phrases like "check my budget," "analyze transactions," and "monthly expenses," which can easily overlap with ordinary user requests and cause unintended invocation. In a financial skill, accidental activation is more sensitive because it can lead to processing or persisting private transaction data when the user did not explicitly intend to use this specific tool.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that sensitive financial data, budgets, merchant overrides, and history are persisted under ~/.watch_my_money/, but it does not clearly require informed user consent before saving or before destructive actions like reset-state. Because the data includes transaction history and generated reports, insufficient notice can expose highly sensitive financial information to other local users, backups, or later unintended access.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The copy-to-clipboard feature copies sensitive financial summary data to the system clipboard with no warning, confirmation, or privacy notice. Clipboard contents may be exposed to other apps, browser extensions, remote desktop tooling, or accidental pasting, which is especially sensitive for banking summaries.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The external font import silently triggers a third-party network request without disclosure. Even if no transaction fields are directly sent, the report is a local financial artifact, so undisclosed external requests create unnecessary privacy exposure and reduce trust.

Session Persistence

Medium
Category
Rogue Agent
Content
### 6. Generate HTML Report

Create local HTML file with:
- Month summary (income, expenses, net)
- Category breakdown with budget status
- Top merchants
Confidence
88% confidence
Finding
Create local HTML file with: - Month summary (income, expenses, net) - Category breakdown with budget status - Top merchants - Alerts section - Recurring transactions detected - Privacy toggle (blur a

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.