XMoney

Security checks across malware telemetry and agentic risk

Overview

XMoney is an instruction-only monetization planning skill with clear boundaries and no code, credentials, payment access, or persistence.

Reasonable to install as a planning aid for monetization strategy and pricing logic. Treat its output as business analysis, not legal, tax, accounting, banking, compliance, investment, or payment-processing advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: This is a manifest file, so trigger quality applies. Several triggers such as "pricing model," "revenue model," and "creator revenue" are generic business phrases rather than narrowly scoped invocation terms, and the manifest provides no negative examples or context limits to distinguish when the skill should or should not activate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal