Travel Expense Assistant (旅行记账助手)

Security checks across malware telemetry and agentic risk

Overview

This travel expense helper stores trip spending records locally as expected, but users should understand those records can include private travel and financial details.

Install only if you are comfortable with trip names, dates, amounts, categories, and descriptions being saved as local JSON files. On a shared or synced computer, review the travel_expenses/ directory and delete records when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The markdown states that expense data is stored in a local directory but does not warn users that potentially sensitive financial information will persist on disk. In this context, transaction descriptions, trip names, amounts, and dates may reveal private travel patterns or spending behavior if other local users or processes can access the files.

VirusTotal

64/64 vendors flagged this skill as clean.
