Back to skill

Security audit

Quit Overspending

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple overspending-support guide with no executable code or network behavior found.

Safe to install based on the provided artifacts. Consider that you may record sensitive spending habits, goals, debt-related context, or emotional triggers, so review your platform’s local storage and deletion options if privacy matters to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
91% confidence
Finding
The trigger phrase "stop overspending" begins with the built-in command word "stop," which can create ambiguity between invoking this skill and issuing a global stop/cancel action. If the platform performs loose trigger matching, a user attempting to halt another action could instead activate this skill, causing unintended behavior and reducing trust in command handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.