Back to skill

Security audit

Ledgi

Security checks across malware telemetry and agentic risk

Overview

Ledgi is a coherent personal finance skill, but it allows an agent to read and change sensitive finance records without a clear pre-write confirmation rule.

Install only if you trust Ledgi and are comfortable giving an agent access to your finance-tracker data. Prefer a limited-scope API key if available, review the remote installer before running it, and require the agent to summarize and get your explicit approval before any account, holding, snapshot, or ISA deposit write command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports creating and updating highly sensitive personal finance data, but it does not instruct the agent to obtain explicit user confirmation immediately before performing mutating operations. In a finance context, silent writes are risky because they can corrupt records, create duplicate accounts or holdings, or log incorrect deposits and snapshots with real downstream consequences for the user.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented `accounts upsert` and `accounts bulk-upsert` operations perform financial data writes, but the skill provides no explicit warning that these commands create or modify persisted account records. In a personal finance context, an agent could invoke them from ambiguous user requests and overwrite balances, institutions, or external IDs, causing inaccurate net worth calculations and downstream financial confusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
`holdings bulk-upsert` accepts a file and updates multiple investment records, but the documentation does not warn that this is a mass-write operation. In a finance skill, bulk modification of holdings can materially alter portfolio valuations, allocation analysis, and tax-related reporting if the file is wrong, stale, or maliciously constructed.

Missing User Warnings

Low
Confidence
81% confidence
Finding
`snapshots create` writes a new historical net worth record, but the command reference does not make that side effect clear. While lower risk than account or holdings edits, silent snapshot creation can pollute historical timelines and analytics if triggered unintentionally or repeatedly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
`isa deposit` records contribution data that directly affects ISA allowance tracking, yet the documentation lacks any warning that it changes regulated financial records. An unintended or duplicate deposit entry could misstate annual allowance usage and mislead users about compliance with contribution limits.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.