OEE AI Cost Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local AI API cost tracker whose files match its stated purpose and do not show hidden network, credential, or destructive behavior.

Before installing, confirm you are comfortable with a local usage.jsonl file being created in the skill directory. Avoid logging secrets, full prompts, customer data, or sensitive project details in the description field, and ensure Python 3.10+ is available if you plan to run the scripts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 92% confidence
Finding: The trigger phrase "cost breakdown" is generic and could match many unrelated user requests outside this skill's AI-spend domain. The file does not provide limiting context or exclusion examples to clarify when this phrase should or should not invoke the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal