Acca Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps track football accumulator bets, with clear confirmation before recurring tracking starts.

Before installing, be comfortable sharing betting slip details with the agent and allowing recurring score checks. Confirm the parsed slip before tracking starts, use "stop tracking" when done, and review or delete local cron output files on shared machines if reports include private betting information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill advertises broad trigger phrases such as "track my acca", "monitor my bet", and "check my slip", which are generic enough to match normal conversation outside a clear opt-in flow. This can cause unintended invocation of a skill that parses user-provided images/text and creates recurring web-backed cron jobs, leading to unnecessary data processing, unwanted background activity, and possible user confusion or privacy issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal