Back to skill

Security audit

AgentLedger

Security checks across malware telemetry and agentic risk

Overview

AgentLedger is a local expense-tracking skill with sensitive financial data handling that matches its stated purpose, though users should be careful with imports and exports.

Install only if you want a local financial ledger for agent expenses. Treat ledger files, backups, Privacy.com imports, and CSV/JSON exports as sensitive financial records; do not store card numbers or passwords; and only import from or export to paths you explicitly intend to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The exportTransactions method writes ledger contents to a caller-supplied filePath with no validation or confinement to the skill's workspace. In an agent setting, untrusted prompts or tool invocations could cause sensitive financial records to be written to arbitrary locations, enabling data exfiltration, overwriting of unrelated files, or placement into shared/public directories.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages importing Privacy.com JSON exports from local files without warning that those files may contain sensitive financial metadata, merchant history, card aliases, and other private transaction details. In an agent setting, broad import guidance can lead to over-collection of local financial records beyond what is necessary for the user’s task, increasing privacy and data-minimization risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This function exports sensitive transaction data including vendors, descriptions, account identifiers, receipt URLs, and confirmation IDs to any path requested, without any warning, consent gate, or destination sensitivity check. Because this skill is specifically designed to hold financial audit data, silent export materially increases the risk of accidental disclosure or prompt-driven exfiltration.

Vague Triggers

Low
Confidence
83% confidence
Finding
The package description is broad and does not clearly constrain when the skill should be invoked or what actions should require explicit user intent. In an agentic environment, vague activation scope can cause the skill to be selected in overly broad finance- or purchase-related contexts, increasing the chance of unintended filesystem writes or financial record manipulation.

Unbounded Output

Medium
Category
Output Handling
Content
- **Negative amounts**: Rejected (use positive amounts only)
- **Missing required fields**: Clear error messages with usage examples
- **Invalid currency**: Accepted (no validation - assumes user knows what they're doing)
- **Very long descriptions**: Handled without truncation

### Data Safety
- **Automatic backups**: Created before each save operation
Confidence
88% confidence
Finding
without truncation

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.