Security audit

Family Bookkeeping

Security checks across malware telemetry and agentic risk

Overview

This bookkeeping skill is purpose-aligned, but it needs review because it can read and change a live shared financial ledger and leaves some sensitive ledger data behind in temporary files.

Install only if you intend to connect the agent to a real Feishu household ledger. Use a least-privilege Feishu app limited to the intended table, confirm the target ledger before writes, prefer dry-run/precheck paths before imports or edits, and clean or patch temporary-file handling. Also test before relying on it: add_manual_record.py appears to contain a syntax error in this artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill supports importing WeChat and Alipay statements, which contain highly sensitive financial and counterparty data, but it lacks a clear user warning about the privacy implications of importing those files into a shared household ledger. In this context, that can lead users to unintentionally expose transaction histories, merchants, notes, and identifiers to other household members or to a persistent shared system.

Missing User Warnings

Low
Confidence: 79%
Finding
The skill states that it will use environment-configured Feishu app credentials and a default ledger automatically, but it does not clearly warn the user that actions may affect preconfigured shared resources. In a family-bookkeeping setting, this increases the risk of users unknowingly reading from or writing to a live shared ledger, potentially exposing private finances or causing unintended modifications.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation explicitly names sensitive Feishu credentials and instructs operators to source them from a workspace .env file, but it provides no warnings about secret handling, least-privilege use, logging exposure, or avoiding accidental disclosure in shared environments. In a family-bookkeeping skill that reads and writes a live shared ledger, exposing credential usage guidance without safeguards increases the chance of credential leakage or unsafe operational practices.

Missing User Warnings

Medium
Confidence: 91%
Finding
The usage guide includes commands that can perform live imports, writes, and record updates against Feishu production data, but it does not prominently warn users that these actions mutate the shared ledger or recommend dry-run/confirmation workflows. Because this skill is specifically designed for household financial records, accidental execution could corrupt, duplicate, or overwrite real bookkeeping data affecting all shared users.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script writes sensitive bookkeeping data to a temporary JSON file with delete=False, then passes that path to another process, but never removes the file afterward. In a family-bookkeeping context, this can leave financial records, notes, and potentially identifying information on disk where other local users, backups, or later processes may access them.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script writes the full set of bookkeeping records to a named temporary JSON file with delete=False and then passes that file to another process. This creates a local data-exposure risk because sensitive household financial records may remain on disk after execution and be accessible to other local users, backup systems, or forensic recovery.

Missing User Warnings

Medium
Confidence: 86%
Finding
The --write flag enables actual network-backed record creation in Feishu using supplied credentials, but the script performs no explicit confirmation, dry-run default warning, or user-facing summary gate immediately before mutation. In an agent skill context, this raises the chance of unintended external writes if the flag is set programmatically or via misunderstood automation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script performs a live remote update to the Feishu Bitable record as soon as a single match is found, with no explicit confirmation, approval gate, or default-safe behavior beyond an optional dry-run flag. In a family bookkeeping skill that supports natural-language CRUD, ambiguous matching or misparsed user input can cause unintended modification of financial records, affecting data integrity and auditability.

VirusTotal

65/65 vendors flagged this skill as clean.
