Bookkeeper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate bookkeeping automation skill, but it handles sensitive email, invoice, payment, and accounting data and should be used only with clear user approval.

Install only if you intend to let this skill process financial email and invoices through Gmail, OCR, Stripe, and Xero. Before use, confirm the mailbox query is narrow (restricted by sender, subject, or label and to a bounded time window, not the whole inbox), require explicit approval before any attachment is sent to an external service or any accounting record is created or updated, and treat every API key the skill uses as a secret: keep it out of the skill's files, prompts, logs, and output.
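The three checks above can be enforced in code rather than left to the skill's good behaviour. The following is an added example, not the Bookkeeper skill's own code or anything from the scanner report. It assumes (assumption) that the skill expresses its mailbox filter as a Gmail search-operator string and that every outbound step (OCR upload, Stripe payment lookup, Xero record write) is routed through a single gate; the sample queries and payloads are constructed for illustration.

```python
"""Added example (not the skill's own code): a policy gate around a bookkeeping
skill's external calls. Assumptions: the mailbox filter is a Gmail search string,
and every outbound call passes through PolicyGate.dispatch(). Inputs are constructed."""

import re
from dataclasses import dataclass, field
from typing import Callable

# --- 1. Mailbox scope: reject queries that would sweep the whole inbox ----------
NARROWING_OPS = ("from:", "subject:", "label:")   # at least one sender/topic limit
TIME_OP = "newer_than:"                           # bounded look-back window


def query_is_narrow(query: str) -> bool:
    """True only if the query limits attachments, time window, and sender/topic."""
    q = query.lower()
    return "has:attachment" in q and TIME_OP in q and any(op in q for op in NARROWING_OPS)


# --- 2. Sensitivity classification of text about to leave the machine ------------
SENSITIVE = {
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),   # 13-16 digit PAN-like runs
    "tax_id": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),   # US SSN/ITIN shape
}


def classify(text: str) -> set[str]:
    return {label for label, rx in SENSITIVE.items() if rx.search(text)}


# --- 3. Data minimisation: the ledger gets invoice fields, not the raw OCR text ----
ACCOUNTING_FIELDS = ("vendor", "invoice_number", "date", "total", "currency")


def minimize(extracted: dict) -> dict:
    return {k: extracted[k] for k in ACCOUNTING_FIELDS if k in extracted}


# --- 4. Approval gate in front of every external action --------------------------
EXTERNAL_ACTIONS = {"ocr_upload", "payment_lookup", "create_record", "update_record"}
RECORD_ACTIONS = {"create_record", "update_record"}


class ApprovalRequired(Exception):
    pass


@dataclass
class Action:
    kind: str            # one of EXTERNAL_ACTIONS, or a local step
    target: str          # hypothetical service name: "ocr", "stripe", "xero"
    payload: dict
    labels: set[str] = field(default_factory=set)


class PolicyGate:
    def __init__(self, approve: Callable[[Action], bool], sink: Callable[[Action], None]):
        self.approve = approve    # user-facing prompt; must return True to proceed
        self.sink = sink          # the real API client (a list in the demo below)
        self.log: list[str] = []

    def dispatch(self, action: Action) -> Action:
        if action.kind in RECORD_ACTIONS:
            action.payload = minimize(action.payload)
        action.labels = classify(" ".join(str(v) for v in action.payload.values()))
        if action.kind in EXTERNAL_ACTIONS and not self.approve(action):
            self.log.append(f"BLOCKED {action.kind}->{action.target} labels={sorted(action.labels)}")
            raise ApprovalRequired(f"{action.kind} to {action.target} needs user approval")
        self.sink(action)
        self.log.append(f"SENT {action.kind}->{action.target} fields={sorted(action.payload)}")
        return action


if __name__ == "__main__":
    sent = []
    # Demo policy: auto-approve only payloads with no detected sensitive data.
    gate = PolicyGate(approve=lambda a: not a.labels, sink=sent.append)
    print(query_is_narrow("from:billing@vendor.example has:attachment newer_than:30d"))
    gate.dispatch(Action("create_record", "xero",
                         {"vendor": "Acme", "total": "120.00",
                          "raw_text": "IBAN DE89370400440532013000"}))
    try:
        gate.dispatch(Action("ocr_upload", "ocr", {"preview_text": "IBAN DE89370400440532013000"}))
    except ApprovalRequired as e:
        print("blocked:", e)
    print(*gate.log, sep="\n")
```

The ordering matters: records are minimised before classification, so the same invoice that is blocked when pushed whole to OCR passes when only the ledger fields go to Xero. In a real deployment `approve` would be the user prompt, and the gate's log gives the audit trail the finding below asks for.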

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
94% confidence

Finding

This skill explicitly orchestrates scanning Gmail and transmitting invoice attachments and extracted financial data to external services (OCR, payment verification, and accounting), but it does not require clear user-facing consent, data minimization, or a sensitivity warning at the point of use. Because invoices and emails routinely contain personal, financial, tax, and vendor data, this creates a real privacy and compliance risk: data is disclosed across systems beyond what the user is likely to expect.

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean. Note that antivirus engines check for known-malicious code, not for the prompt-injection or excessive-agency patterns listed above, so a clean VirusTotal result does not address the finding.
