API Credit Health Bar Lite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local API-credit tracker with optional provider balance checks and no evidence of hidden, destructive, or exfiltrating behavior.

Install only if you are comfortable storing local balance metadata in config.json and, if using auto-checks, making outbound requests to provider APIs with environment-provided keys. Use manual sync for no-network operation, prefer narrow-scope provider credentials, and protect or delete config.json if balances are sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The implementation checks OpenAI, OpenRouter, and Vercel, while the skill metadata claims support for Anthropic, OpenAI, OpenRouter, Mistral, and Groq. This discrepancy expands or shifts operational scope in a way users may not expect, undermining informed consent and making the skill behave differently than advertised. In a credential-handling tool, scope drift is security-relevant because it can trigger access to different accounts and secrets than the user intended.

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: This file provides a write-capable "top-up" function that mutates provider balances in config.json, which exceeds the declared skill purpose of displaying balances with auto-check/manual sync. While it does not directly steal secrets or execute code, it enables silent falsification of financial/usage state and could mislead users or downstream automation that relies on these balances for spending or operational decisions.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The README encourages very broad natural-language invocation such as 'just talk to your agent naturally' without narrowing when the skill should activate or what actions require confirmation. In an agent environment, this can increase accidental triggering, unintended balance updates, or network-backed checks when a user’s wording is ambiguous.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README advertises automatic API balance checks using provider API keys but does not clearly warn users that the skill may make outbound network requests using sensitive credentials. In this context, the skill has network permission, so under-documented credential use materially raises the risk of users enabling external calls without informed consent.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill instructs the agent to perform network-based balance checks using API keys, but it does not require a clear user-facing confirmation before contacting external services. In an agent setting, this can lead to unintended disclosure of account metadata or usage information and surprise network activity initiated on the user's behalf.

Unvalidated Output Injection

High

Category: Output Handling
Content: #!/usr/bin/env python3\n\"\"\"\nCheck all available API providers at once.\n\nRuns check_openai.py, check_openrouter.py, and check_vercel.py\nand displays a summary.\n\nUsage:\n python3 check_all_apis.py\n python3 check_all_apis.py --update (updates config)\n\"\"\"\n\nimport os\nimport subprocess\nimport sys\nimport json\nfrom render_healthbar import render_bar\n\nAPIS = [\n {\n 'name': 'OpenAI',\n 'script': 'check_openai.py',\n 'env_key': 'OPENAI_API_KEY'\n },\n {\n 'name': 'OpenRouter',\n 'script': 'check_openrouter.py',\n 'env_key': 'OPENROUTER_API_KEY'\n },\n {\n 'name': 'Vercel',\n 'script': 'check_vercel.py',\n 'env_key': 'VERCEL_AI_GATEWAY_KEY'\n }\n]\n\ndef load_config():\n \"\"\"Load current config\"\"\"\n script_dir = os.path.dirname(os.path.abspath(__file__))\n config_path = os.path.join(script_dir, '..', 'config.json')\n \n try:\n with open(config_path, 'r') as f:\n return json.load(f)\n except FileNotFoundError:\n return {'providers': {}}\n\ndef check_all_apis(update=False):\n \"\"\"\n Run all API checks and display results.\n \"\"\"\n script_dir = os.path.dirname(os.path.abspath(__file__))\n \n print(\"🔍 Checking all API providers...\\n\")\n \n results = []\n failed = 0\n \n for api in APIS:\n if not os.getenv(api['env_key']):\n print(f\"⏭️ {api['name']}: Skipped (${api['env_key']} not set)\")\n continue\n \n cmd = ['python3', os.path.join(script_dir, api['script'])]\n if update:\n cmd.append('--update')\n \n try:\n result = subprocess.run(cmd, capture_output=True, text=True, timeout=10)\n \n if result.returncode == 0:\n print(f\"✅ {api['name']}: {result.stdout.strip()}\")\n results.append(api['name'])\n else:\n print(f\"❌ {api[ ...[truncated 25 chars]
Confidence: 90% confidence
Finding: subprocess.run(cmd, capture_output

Unvalidated Output Injection

High

Category: Output Handling
Content: #!/usr/bin/env python3\n\"\"\"\nCheck all available API providers at once.\n\nRuns check_openai.py, check_openrouter.py, and check_vercel.py\nand displays a summary.\n\nUsage:\n python3 check_all_apis.py\n python3 check_all_apis.py --update (updates config)\n\"\"\"\n\nimport os\nimport subprocess\nimport sys\nimport json\nfrom render_healthbar import render_bar\n\nAPIS = [\n {\n 'name': 'OpenAI',\n 'script': 'check_openai.py',\n 'env_key': 'OPENAI_API_KEY'\n },\n {\n 'name': 'OpenRouter',\n 'script': 'check_openrouter.py',\n 'env_key': 'OPENROUTER_API_KEY'\n },\n {\n 'name': 'Vercel',\n 'script': 'check_vercel.py',\n 'env_key': 'VERCEL_AI_GATEWAY_KEY'\n }\n]\n\ndef load_config():\n \"\"\"Load current config\"\"\"\n script_dir = os.path.dirname(os.path.abspath(__file__))\n config_path = os.path.join(script_dir, '..', 'config.json')\n \n try:\n with open(config_path, 'r') as f:\n return json.load(f)\n except FileNotFoundError:\n return {'providers': {}}\n\ndef check_all_apis(update=False):\n \"\"\"\n Run all API checks and display results.\n \"\"\"\n script_dir = os.path.dirname(os.path.abspath(__file__))\n \n print(\"🔍 Checking all API providers...\\n\")\n \n results = []\n failed = 0\n \n for api in APIS:\n if not os.getenv(api['env_key']):\n print(f\"⏭️ {api['name']}: Skipped (${api['env_key']} not set)\")\n continue\n \n cmd = ['python3', os.path.join(script_dir, api['script'])]\n if update:\n cmd.append('--update')\n \n try:\n result = subprocess.run(cmd, capture_output=True, text=True, timeout=10)\n \n if result.returncode == 0:\n print(f\"✅ {api['name']}: {result.stdout.strip()}\")\n results.append(api['name'])\n else:\n print(f\"❌ {api[ ...[truncated 25 chars]
Confidence: 79% confidence
Finding: subprocess.run(cmd, capture_output

Session Persistence

Medium

Category: Rogue Agent
Content: - VERCEL_AI_GATEWAY_KEY permissions: - network: Contact OpenAI, OpenRouter, and Vercel APIs to check balances (optional) - filesystem: Read/write config.json and health bar display --- # API Credits Lite
Confidence: 78% confidence
Finding: write config.json and health bar display --- # API Credits Lite Use this skill when the user asks about API credits, balances, spending, or wants to update their credit info for Anthropic, OpenAI, O

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal