Budget
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward local budget tracker with disclosed local storage and no evidence of hidden network access, credential use, or destructive behavior.
Install if you want a local budget log for agent spending. Be aware that merchant names and notes are stored in plain JSON, so avoid putting secrets or sensitive personal details in budget notes and use a protected data directory if needed. The skill can warn or return a blocking exit code, but it cannot technically prevent spending by tools that ignore that check.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.