Token Budget Monitor
Security checks across malware telemetry and agentic risk
Overview
This skill is a local token-usage monitor with a risky integration example, but its actual code is scoped to reading config and writing a local usage log.
Before installing, understand that this keeps local records of job names, model names, run counts, and token totals. Do not use the documented exec integration pattern with untrusted values; use an argument-array API such as spawn or execFile, or strictly validate job and model names. Treat the tool as monitoring and recommendation support, not automatic budget enforcement.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.