Security audit

现金流领航 / Cashflow Pilot

Security checks across malware telemetry and agentic risk

Overview

This skill is a local cash-flow assistant that handles sensitive business finance records, but its behavior is disclosed, purpose-aligned, and not deceptive.

Install only if you are comfortable storing business finance data locally in JSON files. Set CFP_DATA_DIR to a private, backed-up directory, only import files you explicitly choose, and review generated ledger entries or reminders before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 75%
Finding
Using broad trigger language such as 'or similar intent' can cause the skill to activate for ambiguous requests and run file-processing or data-modifying workflows without sufficiently precise user intent. In a financial-management skill, overbroad activation increases the chance of unintended imports, record changes, or exposure of sensitive business summaries.

Vague Triggers

Medium
Confidence: 75%
Finding
The hand-entry workflow can modify persistent financial records, so triggering it on vague 'similar intent' language is risky. Ambiguous activation may lead to accidental creation of accounting entries based on conversational text that was not meant as an instruction.

Vague Triggers

Medium
Confidence: 68%
Finding
Open-ended report-query triggers can cause the skill to disclose financial summaries when the user request is ambiguous or only exploratory. While this is less severe than write actions, it can still reveal sensitive business information in the wrong context or conversation branch.

Vague Triggers

Medium
Confidence: 78%
Finding
The receivables workflow can expose customer identities, payment status, and overdue amounts, which are sensitive business records. Broad 'similar intent' triggering raises the risk of disclosing debtor information or generating collection notices without sufficiently explicit authorization.

Vague Triggers

Medium
Confidence: 68%
Finding
Forecasting on ambiguous triggers is less dangerous than direct file writes, but it still processes sensitive historical finance data and may disclose internal planning information unexpectedly. The open-ended trigger condition makes unintended execution more likely.

VirusTotal

63/63 vendors flagged this skill as clean.