Back to skill

Security audit

GL importer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only accounting import skill that is coherent, but it can make live changes in QuickBooks or Xero and should be used carefully.

Install only if you intend to send accounting spreadsheets through Synder into QuickBooks Online or Xero. Use a revocable token, start with dryRun=true, verify the target company and mapping, and require explicit approval before dryRun=false, settings changes, mapping deletion, cancel, or revert.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documented API exposes capabilities that materially exceed the skill's stated import-only purpose, including account/profile access, company enumeration, settings modification, and import reversion. This broadens the effective privilege surface and can enable unauthorized data discovery or operational changes if the agent is granted these endpoints under an import-only expectation.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The revert endpoint can delete all entities created by a finished import from the accounting system, making it a destructive operation with direct integrity impact. For a skill described primarily as importing spreadsheet data, exposing deletion capability without strong justification or safeguards creates a significant risk of accidental or unauthorized rollback of accounting records.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
A destructive operation is documented as a normal endpoint without an accompanying warning, caution banner, or operational constraints, which increases the chance of misuse by an agent or user. In an accounting context, silent rollback of imported records can cause data loss, reconciliation issues, and audit problems even if the endpoint behaves as designed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.