Security audit

Ca Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TallyPrime accounting helper that can read and change local books, so it is appropriate only for supervised accounting use.

Install only if you want an agent to work with your local TallyPrime data. Keep TALLY_URL pointed at a trusted localhost Tally server, confirm the exact company and date scope before reads, require explicit review before any master/voucher create, alter, or cancel action, and keep backups of company data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill metadata says it is for reading accounting reports and posting/updating vouchers, but this file also documents creation of stock groups, UOMs, stock items, and godowns. That expands the operational scope from transactional posting into master-data administration, increasing the chance an agent can make persistent structural changes to a company file that the user did not intend or authorize.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The file enables creation and alteration of Tally masters such as ledgers and groups, which materially expands the skill from reading reports and posting/updating vouchers into modifying accounting configuration. That scope expansion increases the blast radius of misuse: an agent using this reference could create fraudulent ledgers, reclassify accounts, or alter master data in ways that affect downstream reporting and voucher behavior without that capability being clearly declared in the manifest.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The file documents sending arbitrary custom TDL inside XML requests as a fallback for data export. This materially expands the skill from fixed report retrieval to code-like extensibility against the local Tally instance, enabling unreviewed report/collection definitions that can expose additional business data and potentially bypass intended capability boundaries.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill advertises itself for very broad accounting-related triggers such as invoices, ledgers, GST, returns, and financial statements, which substantially increases the chance of over-invocation on ambiguous user requests. Because this skill can perform write operations against a local TallyPrime instance, accidental invocation could lead to unintended reads of sensitive financial data or, if the agent proceeds too far, unintended posting or alteration workflows.

Missing User Warnings

Medium
Confidence: 96%
Finding
The examples are ready-to-use import payloads that will create masters and sales vouchers in the selected Tally company, yet the document does not warn that these actions are state-changing. In an agent setting, this omission is dangerous because a model may treat the templates as safe reference material and execute destructive or unintended accounting/inventory changes against production data.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documentation encourages exporting sensitive accounting, GST, outstanding, and company data over HTTP/XML without any warning, consent boundary, or data-handling precautions. In a financial skill, this increases the risk of over-collection or inadvertent disclosure of confidential records, especially in multi-company CA environments where the wrong company or broad reports may be queried.

Missing User Warnings

Medium
Confidence: 92%
Finding
The cancellation section provides a ready-to-use `ACTION="Cancel"` template without any requirement to confirm user intent, warn about irreversible accounting consequences, or verify the target voucher before voiding it. In a skill that can directly modify local accounting records, this omission increases the risk of accidental or unauthorized destruction of financial data and audit-trail disruption.

Missing User Warnings

Medium
Confidence: 90%
Finding
The alteration guidance tells the agent how to resend an existing GUID with `ACTION="Alter"` but does not require any warning that this edits previously recorded books or any confirmation that the identified voucher is the intended one. In the context of a Tally integration skill with write capability, this can lead to silent modification of financial records, causing integrity and compliance issues.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.