Fiscal

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Actual Budget assistant, but it handles sensitive financial data and can make real budget changes, so users should approve changes carefully.

Install only if you trust the fscl CLI source and are comfortable letting an agent manage Actual Budget data. Prefer interactive login or another safer secret flow over --password on the command line, preview imports and bulk edits with dry-run/draft workflows, and explicitly approve deletes, merges, month applies, rules run with --and-commit, and any server-synced changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The command reference explicitly exposes `fscl query` with `--module` and `--inline`, allowing arbitrary ActualQL execution rather than a narrowly scoped accounting operation set. In an agent skill, this materially expands capability beyond the stated personal-accounting use case and can enable unrestricted access to budget data or unsafe query modules if the agent is allowed to invoke it on untrusted input.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broadly scoped to common personal finance tasks such as budgeting, bills, subscriptions, spending, and bank imports, which increases the chance of over-activation on ordinary finance-related user queries. Because this skill can drive a financial CLI and potentially perform write operations, accidental invocation could expose sensitive financial data or trigger unintended account changes if the agent enters the skill unnecessarily.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation includes a destructive `fscl categories delete ... --transfer-to ... --yes` command as an example without clearly warning that it will immediately delete a category and mutate budget data. In a budgeting skill, users may copy commands verbatim, so presenting a force-confirmed deletion flow without caution increases the risk of accidental data loss or unintended reclassification of transactions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation instructs users to pass a password directly on the command line via `--password <pw>`. Command-line arguments are commonly exposed through shell history, process listings, audit logs, and terminal recordings, so this guidance can lead to credential disclosure even if the placeholder is not a literal secret. In a finance/accounting skill, leaked Actual Budget server credentials could expose sensitive financial data and permit unauthorized budget changes.

Missing User Warnings

Medium
Confidence: 99%
Finding
The example embeds a literal password (`--password secret`) in a copy-pastable command. This normalizes insecure secret handling and increases the chance that real credentials will be entered the same way, leaking via shell history, process tables, CI logs, or support transcripts. Because this skill manages personal budgeting data, compromise of the login credential can expose highly sensitive financial information.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation includes a state-changing command (`fscl rules run --and-commit`) that applies rules retroactively and commits modifications, but it is presented without an immediate warning about its destructive nature or a stronger recommendation to preview changes first. In a budgeting/accounting skill, this can cause unintended bulk edits to financial records, miscategorization, or transfer/payee changes that are difficult for users to detect and unwind.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow instructs the agent to run `fscl rules run --and-commit`, which applies and persists rule-based changes to financial transactions without an explicit confirmation or review gate. In a budgeting skill, this is risky because misconfigured or newly added rules can silently recategorize large sets of transactions, corrupting records and misleading downstream budget decisions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The budget adjustment section includes `fscl month set`, `month draft`, and `month apply` commands that directly modify budget allocations, but it does not require explicit user acknowledgment before applying changes. In a personal finance context, unauthorized or mistaken reallocations can hide overspending, distort planning, and reduce trust in the budgeting data.

Missing User Warnings

Medium
Confidence: 94%
Finding
The new-month setup instructs use of `month apply` and optional `month cleanup` without warning that these commands may alter or remove month data. This is especially sensitive in a finance-management skill because month setup and cleanup affect period boundaries, recurring allocations, and historical records, making accidental execution materially harmful.

Missing User Warnings

Medium
Confidence: 86%
Finding
The workflow explicitly asks users to provide bank export files containing highly sensitive financial data, but it does not warn about the sensitivity of those files, recommend minimizing scope, or instruct safe handling. In a personal finance skill, this omission increases the risk of over-collection, accidental exposure of account numbers and transaction history, and unsafe sharing of financial records.

Missing User Warnings

Medium
Confidence: 88%
Finding
The workflow directs the agent to retrieve and summarize highly sensitive financial data across accounts, transactions, payees, and monthly budget status without first requiring an explicit privacy notice or user confirmation scoped to that sensitive review. In a personal finance skill, this increases the chance of over-collecting and over-displaying confidential information, especially if the user asked for narrower help than a full budget audit.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow includes destructive or state-changing commands such as deleting categories, merging payees, applying categorizations, applying rules, and running rules with `--and-commit`, but it does not consistently require explicit confirmation immediately before each irreversible action. In a budgeting system, mistakes can silently rewrite historical data, alter automation behavior, or remove structures the user depends on, making recovery difficult.

VirusTotal

66/66 vendors flagged this skill as clean.