Token Usage Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local token-usage tracking skill with disclosed tracking behavior and no evidence of exfiltration, credential access, or unsafe automation.

Safe to install based on the reviewed evidence. Use explicit token-usage wording when you want it to run, and be aware that it may keep local usage totals and history in .usage-tracker.json unless configured otherwise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases include broad, natural-language expressions such as “消耗了多少” (“how much was consumed”) and “花了我多少token” (“how many tokens did it cost me”), which could match ordinary conversation and activate the skill unexpectedly. For a tracking skill, overbroad activation can intercept unrelated user requests, confuse the user about what the assistant is doing, and expose conversation metadata or usage history unnecessarily.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill metadata and trigger phrases are written only in Chinese and imply Chinese-language behavior, with no negotiation of the user's language and no opt-in. The skill may therefore activate or respond in a language the user did not request, which degrades usability and can obscure what data is being tracked or reported.
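The two findings above can be checked mechanically before a skill is installed. The following is an added example, not code from the skill, from SkillSpector, or from the report: a small trigger-phrase linter that (1) fires each trigger against a constructed corpus of benign conversation turns and flags any trigger that matches, which is what "vague trigger" means in practice, and (2) reports when no trigger is written purely in the user's script (Latin here), which is the language-coverage gap of the second finding. The trigger list and the benign turns are constructed sample data resembling the phrases quoted in the report; the `max_hits` threshold and the `user_script` default are assumptions.

```python
import re
import unicodedata

# Constructed sample triggers (modelled on the phrases quoted in the report,
# not taken from the skill's actual metadata).
TRIGGERS = ["消耗了多少", "花了我多少token", "统计token用量"]

# Constructed benign conversation turns (not from any real log). A precise
# trigger should match none of these; a vague one will match several.
BENIGN_TURNS = [
    "这次旅行消耗了多少时间？",            # how much time did the trip take
    "这个函数消耗了多少内存？",            # how much memory does this function use
    "昨天的会议花了我多少时间啊",          # how much of my time yesterday's meeting took
    "How much RAM did the build consume?",
    "Please refactor the parser in utils.py",
]


def normalize(text: str) -> str:
    """NFKC-fold (fullwidth 'ｔｏｋｅｎ' -> 'token'), casefold, collapse whitespace."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"\s+", " ", text).strip()


def scripts_present(text: str) -> frozenset:
    """Set of scripts ('cjk', 'latin', 'other') used by the letters in text."""
    found = set()
    for ch in text:
        if not ch.isalpha():
            continue
        name = unicodedata.name(ch, "")
        if "CJK" in name:
            found.add("cjk")
        elif "LATIN" in name:
            found.add("latin")
        else:
            found.add("other")
    return frozenset(found)


def overbroad_triggers(triggers, benign_turns, max_hits=0):
    """Map each trigger to the benign turns it would fire on, keeping only
    triggers that exceed max_hits (assumed threshold: zero tolerance)."""
    hits = {}
    for trig in triggers:
        needle = normalize(trig)
        matched = [turn for turn in benign_turns if needle in normalize(turn)]
        if len(matched) > max_hits:
            hits[trig] = matched
    return hits


def has_trigger_in_script(triggers, script="latin"):
    """True if at least one trigger is written purely in the given script."""
    return any(scripts_present(t) == frozenset({script}) for t in triggers)


def lint(triggers, benign_turns, user_script="latin"):
    """Run both checks and return a list of finding dicts."""
    findings = []
    for trig, matched in overbroad_triggers(triggers, benign_turns).items():
        findings.append({
            "check": "vague-trigger",
            "trigger": trig,
            "detail": f"matches {len(matched)} benign turn(s): {matched}",
        })
    if not has_trigger_in_script(triggers, user_script):
        findings.append({
            "check": "language-coverage",
            "trigger": None,
            "detail": f"no trigger is written purely in the '{user_script}' script",
        })
    return findings


if __name__ == "__main__":
    for f in lint(TRIGGERS, BENIGN_TURNS):
        print(f["check"], f["trigger"], f["detail"])
```

On the sample data, only “消耗了多少” fires against benign turns (it is a generic "how much was consumed" that also covers time and memory), while the phrases that include the word "token" do not; the language-coverage check fires because every trigger contains CJK text. Substring matching after NFKC folding is deliberately crude: it catches fullwidth or mixed-case variants, but a production linter would also want to compare against the skill's stated purpose so that legitimate activations in the corpus are not counted as false positives.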

VirusTotal

67 of 67 vendors reported this skill as clean (no detections).
