Splitwise CLI

Security checks across malware telemetry and agentic risk

Overview

This Splitwise skill is purpose-aligned, but it gives an agent broad access to change or delete shared expense records with weak scoping and confirmation guidance.

Install only if you are comfortable letting an agent operate your authenticated Splitwise CLI. Confirm the group, people, payer, amount, currency, split, settlement target, and any expense ID before state-changing actions, especially deletion; also verify that the `splitwise` binary on PATH is the CLI you intend to trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 93% confidence
Finding: The trigger description is extremely broad, including casual mentions like "split this with a roommate" or "add the internet bill," which can cause the skill to activate in ambiguous contexts without clear user intent to use Splitwise. Because this skill can create, settle, and delete financial records, unintended invocation raises the risk of privacy exposure and accidental modification of expense data.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation exposes a destructive command (`splitwise expenses delete 12345`) without any warning, confirmation guidance, or recommendation to verify the target expense first. In a skill that manages real financial records, this increases the chance that an agent or user will perform irreversible or hard-to-recover deletions by mistake.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal