Local Budget

Security checks across malware telemetry and agentic risk

Overview

This is a local budgeting skill that processes sensitive bank CSVs and writes local reports, so users should choose storage locations carefully.

Install only if you are comfortable letting your agent review transaction descriptions, amounts, and categories. Keep raw CSVs, intermediate JSON, and generated markdown reports in a private local folder, avoid shared or synced vaults unless intended, and review categories before relying on budget conclusions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to create JSON and markdown outputs and explicitly suggests writing reports into user-chosen locations such as an Obsidian vault, but the metadata does not declare file-write capability. Undeclared write behavior is a security and trust issue because users and policy systems may not realize the skill can persist sensitive financial data to disk in arbitrary paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims LLM-based categorization and budget-aware analysis, but the described implementation is rule-based and the categorizer's --budget argument is not actually used during categorization. This mismatch can mislead users into overtrusting the accuracy and sophistication of the analysis, which is especially risky in a financial context where incorrect categorization or assumptions may lead to bad decisions or accidental disclosure during manual review.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough to match common finance discussions, increasing the chance the skill activates in contexts where the user did not intend to process sensitive bank or credit card exports. Because this skill handles highly sensitive financial records and writes outputs to disk, overbroad invocation increases the risk of unnecessary exposure, accidental processing, or generation of persistent artifacts containing private data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill processes bank and credit card exports, which contain highly sensitive financial data, yet the markdown lacks an explicit warning about the sensitivity of these files and the privacy implications of storing parsed JSON and markdown reports. In this context, omission of handling guidance is dangerous because users may save derived data into insecure or synced locations, expanding the exposure of account activity and merchant history.

VirusTotal

66/66 vendors flagged this skill as clean.
