Back to skill

Security audit

nl2ledger

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps users append confirmed bookkeeping entries to a local QianJi CSV, with no evidence of hidden network access or unrelated behavior.

Install this only if you want an agent to help edit your local QianJi CSV. Before confirming an entry, check the target file, amount, category, timestamp, account, currency, recorder, and note, and keep backups of important ledger data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to locate a ledger CSV and append entries by invoking a Python script, which is file-write behavior, yet it declares no corresponding permission or capability boundary. This creates a transparency and least-privilege problem: users and the platform may not realize the skill can modify local files, increasing the chance of unintended ledger changes.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases include very common words such as 'lunch', 'dinner', 'spent', '买了', and broad amount-item patterns, so the skill may activate during ordinary conversation that merely mentions purchases or meals. In this skill's context, accidental activation is more dangerous because the workflow culminates in persistent file writes to a financial ledger.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes default bookkeeping fields such as 币种=CNY and 记账者=小明 without confirming that these defaults match the actual user, account setup, or locale. In a financial-recording skill, this can silently create incorrect ledger entries, misattribute transactions, and corrupt bookkeeping data, especially for shared devices, multi-user environments, or non-CNY users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.