Security audit

个人记账 (Personal Bookkeeping)

Security checks across malware telemetry and agentic risk

Overview

This is a local personal bookkeeping skill that saves expense and income records to local Markdown files, with no evidence of network access, credential use, or unrelated behavior.

Install only if you are comfortable with the agent interpreting receipt-like images and saving extracted expense or income details locally. For better privacy and accuracy, add a rule requiring confirmation before writing records, especially for image-only messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs the agent to read and write local files (`bills/YYYY-MM-DD.md`) and invoke a script, but no explicit permission model or user-visible authorization boundary is declared. That creates a real risk of silent persistence of sensitive financial data and broadens the blast radius if the skill is mis-triggered or abused.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger conditions are overly broad and mandatory, including common phrases and any standalone image, which can cause the skill to activate without clear user intent. In this skill's context, misfires are especially risky because activation can immediately analyze content and persist private financial records to disk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requires automatic analysis of image-only inputs and direct bookkeeping from image contents, but it does not clearly inform users that uploaded images may be parsed for financial details and then saved. This is dangerous because receipts and screenshots can contain sensitive merchant, time, amount, and payment information that users may not expect to be extracted and persisted automatically.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requires automatic analysis of image-only inputs and direct bookkeeping from image contents, but it does not clearly inform users that uploaded images may be parsed for financial details and then saved. This is dangerous because receipts and screenshots can contain sensitive merchant, time, amount, and payment information that users may not expect to be extracted and persisted automatically.

VirusTotal

65/65 vendors flagged this skill as clean.