Security audit

Card Value

Security checks across malware telemetry and agentic risk

Overview

This credit-card value estimator is transparent and purpose-aligned, with only limited web-search and optional search API key use.

Safe to install based on the visible artifacts. Expect web lookups and optional use of a Brave Search API key if configured. Avoid entering account numbers or unnecessary personal financial details, and treat the results as estimates rather than financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases include broad natural-language terms like "is it worth it" and "how much is the card worth," which can match many unrelated conversations and cause the skill to activate unintentionally. Overbroad invocation can route user data or prompts into the wrong workflow, increasing the chance of unnecessary web access and unintended handling of financial-query context.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal