Usage Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward usage and cost tracker that stores local usage logs, with no evidence of hidden code, credential access, or unsafe behavior.

Install only if you are comfortable keeping provider, model, token-count, and task-type history in a local JSONL log. Avoid sensitive task labels, periodically delete or rotate the log if retention matters, and use Telegram reporting only in trusted chats.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill explicitly states that logs are stored on disk in `usage-logs/api-cells.jsonl`, but it does not warn users that this creates persistent records of provider, model, token counts, and task metadata. In environments where usage patterns are sensitive, undocumented on-disk retention can expose operational telemetry to other local users, backups, or downstream tooling, increasing privacy and confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal