AI Revenue Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local revenue tracker that stores user-entered income records and reports on disk, with no evidence of hidden network access or destructive behavior.

Install only if you are comfortable keeping revenue amounts, sources, and descriptions in local files. Avoid entering customer identifiers, payment details, secrets, or untrusted text you might later paste into another agent or shell, and delete the logs and reports when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill explicitly documents persistent local writes to `logs/revenue.log` and `reports/daily_summary.md` but does not warn users that running the skill will create and retain data on disk. This can lead to unintended storage of potentially sensitive business information, especially on shared systems or in environments where users assume tools are read-only.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal