Business Income Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward income and expense tracking skill with no evidence of hidden access, exfiltration, or destructive behavior.

Use this skill only for financial details you are comfortable keeping in your agent workflow. Confirm any recurring daily reminder before enabling it, and avoid entering bank credentials, tax identifiers, customer secrets, or unnecessary private notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad enough to match routine discussion of income, expenses, or ROI, which can cause the skill to activate when the user did not explicitly request financial tracking. This is risky because it may capture or structure sensitive financial information in the wrong context, creating privacy and consent issues even though the skill itself is not overtly malicious.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal