AR Collections

Security checks across malware telemetry and agentic risk

Overview

This is a finance reporting skill that clearly describes pulling QuickBooks AR data into local reports and cache files, with no evidence of hidden or destructive behavior.

Install only in a trusted accounting workspace. Before running, confirm the client slug, production versus sandbox mode, QBO permissions, and output directory, and treat the generated Excel workbook plus .cache/ar-collections data as sensitive client financial records that may need retention controls or deletion after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to run a pipeline that pulls accounts receivable data from QBO and writes outputs to local disk, including an Excel workbook and a CDC cache, but it does not clearly warn about this data movement and persistence. Because the data includes sensitive client financial information, users may run it without understanding that customer balances, aging status, and payment patterns will be stored locally, increasing the risk of unauthorized retention, exposure, or mishandling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal