Back to skill

Security audit

Plutus Pro — Full Expense Intelligence

Security checks across malware telemetry and agentic risk

Overview

This finance-reporting skill appears purpose-aligned and local-only, but it saves sensitive expense reports to disk by default.

Install only if you are comfortable giving it transaction data and having generated reports saved locally. Run it in a directory you control, protect or delete the plutus_pro_report, plutus_pro_summary, and plutus_pro_data files when done, and prefer a virtual environment rather than installing dependencies into the system Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
When no user-supplied expense data is present, the skill silently substitutes built-in demo financial transactions and proceeds as if a real analysis occurred. This can mislead users, contaminate downstream workflows, and produce false reports without clear consent or explicit demo-mode acknowledgement.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill writes markdown, CSV, and JSON reports containing transaction data to disk, but this behavior is not clearly disclosed in the skill description. For a finance skill handling sensitive personal data, undisclosed persistence increases privacy and data exposure risk, especially on shared or monitored systems.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The manifest describes broad finance analysis capabilities but provides no clear trigger boundaries, execution constraints, or safety scope. In agent environments, vague activation criteria can cause the skill to run in unintended contexts and process sensitive financial data more often than the user expects.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code exports multiple files containing transaction details, categories, tax flags, and summaries, yet the description does not warn users that execution persists potentially sensitive financial data. This omission materially affects informed consent and may expose private spending records through local storage, backups, or other processes.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.