freelance invoice tracker

Security checks across malware telemetry and agentic risk

Overview

This skill’s sensitive access is consistent with invoice tracking and payment follow-up, but users should configure messaging and credentials carefully.

Before installing, confirm the Google service account can access only the intended invoice sheet, keep credentials out of files and chats, and review the reminder templates, recipients, and channels before allowing automated messages to clients.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 86%
Finding:
The skill is explicitly designed to transmit client invoice data and payment reminders over external channels like email and WhatsApp, but it does not present any consent, confirmation, or privacy warning before contacting third parties. This creates a real risk of unintended disclosure of client names, contact details, invoice amounts, GST information, and payment status, especially if reminders are triggered automatically or misconfigured.

Missing User Warnings

Medium
Confidence: 82%
Finding:
The skill requires a Google service account credential and references storing it in an environment variable, but it does not include any warning or guidance about secure handling of this highly sensitive secret. If mishandled, exposed credentials could grant unauthorized access to invoice records, client PII, payment status data, and financial reporting information stored in Google Sheets.

VirusTotal

65/65 vendors flagged this skill as clean.