Security audit

Financial Health Check Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a descriptive financial-health helper that does not access bank accounts, make transactions, call APIs, or persist data, but users should avoid sharing unnecessary raw financial records.

Install only if you want a general, informational financial-health framework. When using it, share totals, categories, and summaries where possible; redact account numbers, merchant identifiers, addresses, and other sensitive details from transaction exports. Do not treat its output as professional financial, tax, legal, or investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly tells users to export and review three months of transaction history, which is highly sensitive financial data, but it provides no privacy warning, minimization guidance, or handling safeguards. In a financial-analysis skill, this increases the chance users will paste or expose account-level data unnecessarily, creating avoidable privacy and security risk.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger section is broad enough to match many generic financial-assistance requests, which can cause the skill to activate outside its intended scope. In an agent ecosystem, ambiguous activation can lead to inappropriate reliance on this skill’s heuristic guidance for sensitive financial topics, increasing the chance of misleading or overconfident advice.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list includes generic terms like "financial," "health," "check," and "analyzer," which are likely to match ordinary user conversations unrelated to this specific skill. This can cause unintended activation, prompt hijacking of benign finance discussions, and user confusion about why the skill was invoked.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.