Aoineco Ledger — AI Agent Financial Tracking Engine

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local finance ledger, but users should know its records are stored as local plaintext files and budget limits are alerts, not enforcement.

Install only if local plaintext financial records are acceptable. Avoid storing secrets, private wallet details, sensitive receipt links, or data you expect to be encrypted, and treat the budget feature as reporting/alerting rather than a control that can stop spending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The module advertises encrypted storage via VaultCrypto integration, but the implementation writes sensitive financial records to plain JSON/JSONL files on disk. This is dangerous because users or downstream agents may rely on the security claim and store confidential ledger, vendor, and agent-attribution data without applying compensating protections.

VirusTotal

65/65 vendors flagged this skill as clean.
