Back to skill

Security audit

Paycheck

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a paycheck calculator but mostly acts as a local paycheck-note logger, which could retain sensitive pay details unexpectedly.

Review before installing. Use this only if you intentionally want a local record-keeping tool for paycheck notes, not a paycheck or tax calculator. Avoid entering salary, tax ID, withholding, benefits, or payroll details unless you are comfortable with them being saved under ~/.local/share/paycheck and later searchable from that machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (12)

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
The skill’s manifest and title promise paycheck calculation, but the documented behavior is a generic local logging system that persistently stores arbitrary user input, maintains history, supports search, and exports data. This mismatch is dangerous because users may disclose highly sensitive payroll and compensation information under the assumption they are using a calculator, not a durable datastore, increasing confidentiality and privacy risk.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises salary breakdown calculations, but the body describes a tracking/logging toolkit for arbitrary entries instead of computation. In a payroll context, this discrepancy can mislead users into entering salaries, taxes, benefits, and other sensitive compensation data that will be retained in local files without an upfront expectation of storage.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The command set contradicts the implied purpose of paycheck computation: commands record, search, review, and export entries rather than calculate net pay, taxes, or deductions. This can cause unsafe user assumptions and inappropriate use of the skill for handling confidential payroll information in plain local logs.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The advertised functionality is paycheck calculation, but the implemented behavior is a generic logging toolkit. This mismatch is dangerous because users may provide salary, tax, deduction, or other sensitive payroll information believing it will be processed transiently, while the tool instead stores and manages that data locally in ways unrelated to the declared purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The core commands do not perform calculations; they append arbitrary user input into persistent log files across many verbs. In the context of a paycheck skill, this creates an unjustified collection surface for sensitive financial data and can mislead users into disclosing information that is retained rather than analyzed.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script creates a persistent data directory and history log for a skill whose stated purpose does not require broad data retention. Because paycheck-related inputs often contain sensitive compensation and withholding details, silent persistence increases the risk of local privacy exposure and later unintended disclosure through other commands.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Search, recent activity, statistics, and export features turn the skill into a general-purpose local datastore rather than a paycheck estimator. In this context, those capabilities expand the blast radius of any sensitive payroll information entered by making it easier to enumerate, aggregate, and extract previously stored data.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The header and help text describe a generic utility toolkit, which conflicts with the manifest’s paycheck-specific description. This inconsistency is risky because it signals the code may have been repurposed without proper review, increasing the chance that users invoke a tool under false assumptions about what data it handles and why.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The broad invocation description increases the chance the skill will be selected for generic paycheck-related requests, including sensitive salary and withholding discussions. Because the skill stores inputs persistently, overbroad triggering expands the population of users who may unknowingly expose personal payroll data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill lacks a clear warning that payroll-related inputs are written to local log files and export files, despite handling potentially sensitive financial information. Users may reasonably expect a paycheck tool to compute transiently, not to retain compensation details, tax data, and employment information on disk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
These command paths write raw user input directly to log files without warning or consent. In a paycheck context, users may enter salaries, deductions, tax identifiers, or payroll notes, so undisclosed storage creates a meaningful privacy and compliance risk even if the data stays local.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The export functionality aggregates previously stored log contents into new files without a clear warning about the scope or sensitivity of the copied data. This increases the chance of accidental disclosure because historical payroll-related inputs become easier to move, share, or leave behind in additional locations on disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.