Back to skill

Security audit

BudgetRcd

Security checks across malware telemetry and agentic risk

Overview

This local budget tracker is purpose-aligned, but it can persistently change personal finance records while its code does not enforce the storage boundary it promises.

Review before installing if you care where budget data is stored or want confirmation before records change. The skill appears local-only and not malicious, but it should honor its documented config path, validate all writes stay under the approved budget folder, narrow its triggers, and require confirmation for ambiguous, bulk, update, delete, or receipt-import actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly instructs the agent to write budget, expense, and image files, but no explicit permissions are declared. Undeclared file-write capability weakens policy enforcement and user awareness, increasing the chance of unintended local data modification if the skill is invoked unexpectedly or behaves incorrectly.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented purpose does not fully match the described behavior, especially around image handling, config/pool file writes, and additional record-management actions. This mismatch can mislead users and reviewers about the skill's real capabilities, which is risky for a skill that reads and writes local personal-finance data.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Triggers such as '预算', '本月', 'remaining', and 'spent' are broad everyday phrases that could cause accidental invocation during unrelated conversation. Because this skill performs file reads and writes to personal budget records, unintended activation could lead to unauthorized or incorrect financial entries or data exposure.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
copy_image_to_budget accepts an arbitrary source_path and copies any existing file into a managed directory without validating that the source is actually an image or constrained to an approved location. In an agent context, this can be abused to exfiltrate or duplicate unintended local files into the budget workspace under a misleading .jpg name, increasing exposure of sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.