Back to skill

Security audit

Receipt

Security checks across malware telemetry and agentic risk

Overview

This is a local receipt and expense note logger that stores user-entered finance text on disk, with no evidence of network access, credential theft, hidden execution, or destructive behavior.

Install only if you are comfortable keeping receipt, budget, balance, and tax notes as plain-text files under ~/.local/share/receipt. Avoid entering account credentials or highly sensitive identifiers, and review or delete logs and exported files before sharing or syncing that directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The manifest and description present this as a receipt-scanning and expense-analysis skill, but the documented behavior is primarily a generic local logging and export utility that stores arbitrary user-provided finance text. That mismatch can cause users or orchestrators to invoke it in contexts involving sensitive financial data without understanding that data will be persistently stored, searchable, and exportable, increasing privacy and data-handling risk.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script presents itself as a receipt/finance toolkit, but the advertised capabilities are not implemented; instead it stores arbitrary user-provided financial text to local logs and later re-exports or searches it. This mismatch can cause users or higher-level agents to trust outputs as if they were analyzed receipts, creating integrity and privacy risk because sensitive expense data is retained without meaningful processing.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
Commands named balance, forecast, budget-check, compare, and tax-note imply financial analysis, but each path only appends raw input to a log file and echoes success. In a finance context, this is dangerous because users or orchestrating agents may rely on nonexistent analysis for budgeting, tax, or spending decisions while sensitive data is unnecessarily persisted.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The help text markets the program as an operational finance toolkit with commands that sound analytical, but the underlying implementation is largely a logging wrapper. In this skill context, misleading operational claims increase danger because users may submit receipts, budget details, or tax notes expecting computation or guidance, when the tool merely archives that data.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The broad 'Use when' language can cause over-triggering for ordinary finance conversations, leading the agent to activate this skill when the user did not intend local persistence of financial notes. In this context, accidental invocation is more dangerous because the skill handles potentially sensitive expense and tax information and stores it on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill clearly states that financial entries are persisted under a local directory and can be exported, but it does not provide a prominent warning that receipts, tax notes, balances, and related history may contain sensitive personal or business financial data. This creates a meaningful confidentiality risk through unintentional retention, later disclosure via search/export, and accumulation of historical records the user may not realize exist.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Finance-related user input is written verbatim into files under ~/.local/share/receipt, including history, category, and other logs, without any privacy notice, minimization, encryption, or retention controls. Because the skill context involves receipts and expense data, this can expose sensitive merchant, amount, tax, reimbursement, or budgeting information to other local users, backups, or later exports/searches.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.