Back to skill

Security audit

Cost Control

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed API cost-control skill; its kill-switch behavior is high impact but aligned with its stated purpose and user-enabled setup.

Install only after setting thresholds for your actual budget, verifying any pip package source or copying the reviewed files directly, and confirming state/app.pid can only point to the intended application. Test the watchdog in staging, document how to remove the cron entry, and clear emergency flags only after confirming the runaway-cost cause is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documented Tier 3 kill switch explicitly terminates the entire process, but the README does not clearly warn about operational side effects such as abrupt shutdown, partial work loss, interrupted transactions, or corruption risk for in-flight state. In a production automation context, users may enable this without understanding that process termination can itself cause availability or integrity issues.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The README instructs users to disable the kill switch and remove the emergency flag to resume operation, but it does not prominently warn that this immediately re-enables blocked API activity and may restart the same runaway-spend condition. In a cost-control system, manual recovery steps without safety guidance can lead to repeated incidents or operator error.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The setup text recommends an external watchdog that can kill the entire process, but the nearby instructions do not prominently warn about service interruption, possible data loss, or the need to validate process targeting first. Destructive operational guidance without localized warning increases the chance of accidental self-inflicted denial of service.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The recovery instructions tell the user to delete the emergency flag file to resume operation, but do not warn that this bypasses a safety interlock and may restart spending before root cause analysis is complete. That omission can lead to repeated runaway behavior or premature re-enablement after an incident.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.