Security audit

accounting assistant

Security checks across malware telemetry and agentic risk

Overview

This is mostly a coherent local expense tracker, but its chart script can silently take a full-screen macOS screenshot as a fallback, which is broader than users would expect for generating charts.

Review carefully before installing. Use explicit bookkeeping commands and inspect confirmations and exported files. Do not use the chart PNG/report feature on macOS unless the screen-capture fallback is removed or clearly gated, because it may save or return unrelated visible screen content if normal rendering fails.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
pass
    # Fallback: use Safari/webkit
    try:
        r = subprocess.run(
            ['screencapture', '-x', '-t', 'png', str(tmp_png)],
            capture_output=True, timeout=5
        )
Confidence
93% confidence
Finding
r = subprocess.run( ['screencapture', '-x', '-t', 'png', str(tmp_png)], capture_output=True, timeout=5 )

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
For a chart generator, invoking OS-level thumbnailing and especially screen-capture tooling expands privileges beyond what users would reasonably expect. The dangerous part is the screen-capture fallback, which can collect data unrelated to the requested chart and leak desktop contents.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function advertises HTML-to-PNG conversion, but the fallback performs a generic screenshot instead. That mismatch is security-relevant because callers may trust it to process only the generated file while it can actually capture arbitrary visible desktop content.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are extremely broad and include common spending-related words, currency symbols, and many brand names, which can cause the skill to activate during ordinary conversation not intended for bookkeeping. In a financial-recording skill, unintended invocation is risky because it may misclassify user messages as transactions and lead to persistent storage of sensitive financial data without clear consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Telling users to 'just send natural language' without defining activation boundaries encourages the system to treat free-form chat as bookkeeping input. Because this skill writes entries persistently, ambiguous or incidental messages could be recorded as financial transactions, creating privacy issues and corrupting the ledger.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly defines a local data path for the expense ledger but does not warn users that their financial messages and raw transaction text will be stored on disk. Since the data model includes notes, raw input, member tags, and timestamps, the stored data may contain sensitive personal and household financial information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The export functionality creates CSV/Excel outputs containing financial records, but the documentation does not warn users that sensitive local files will be generated. Exported files are easy to copy, sync, or mis-handle, increasing the chance of financial data leakage beyond the original ledger storage.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.