Security audit

Financial Calculator Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward financial calculator with normal local CLI and web UI behavior, though users should note its third-party chart script and local server/dependency setup.

Install only if you are comfortable with a local Flask server, an automatic Flask install into a venv, and Chart.js loading from a CDN. Run it on a trusted network, avoid entering highly sensitive financial details, and, if you modify it, prefer binding the server to localhost only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The page loads executable JavaScript from a public CDN without integrity pinning or local bundling. If the CDN, dependency, or delivery path is compromised, an attacker can run arbitrary code in the page context and access all financial inputs entered by the user.

VirusTotal

65/65 vendors flagged this skill as clean.