Back to skill

Security audit

Firefly III

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-built for Firefly III, but it gives an agent broad access to sensitive financial records without enough guardrails.

Install only if you are comfortable letting an agent read and potentially change your Firefly III financial data. Use a limited token if possible, prefer secure secret storage or strict permissions on ~/.firefly_token, use HTTPS, and require the agent to show the exact request and receive explicit approval before any create, update, delete, rule, budget, or recurring-transaction action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly documents operations that create and modify financial records but does not warn that these actions can change real account data. In an agent setting, that omission increases the chance of unintended destructive or irreversible bookkeeping changes when the skill is invoked from natural-language requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The configuration section instructs use of a personal access token and local token file without any warning about secret handling, scope minimization, or exposure risks. In an agent/tooling environment, this can normalize unsafe credential practices and lead to leakage of a token that grants direct access to sensitive financial data and write actions.

Session Persistence

Medium
Category
Rogue Agent
Content
- `FIREFLY_URL`: Base URL (e.g., `https://budget.example.com`)
- `FIREFLY_TOKEN`: Personal Access Token (stored at `~/.firefly_token`)

Get token: Profile → OAuth → Personal Access Tokens → Create new token

## API Basics
Confidence
88% confidence
Finding
Create new token ## API Basics ```bash TOKEN=$(cat ~/.firefly_token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.