Compound

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local compound-interest calculator, with the main privacy consideration that it saves and can export financial calculation history.

Install only if you are comfortable with calculation inputs and results being saved locally in ~/.compound/data.jsonl. Be careful when using export because OUTPUT can write to and overwrite a file path you provide; choose a private location and delete the history file if you do not want records retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents use of environment variables and persistent local file writes to ~/.compound, but it does not declare corresponding permissions or clearly surface those capabilities to the user. Hidden or undeclared access to local storage increases trust risk because financial inputs and outputs may be persisted without an explicit permission boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose focuses on calculation and planning, but the documented behavior also includes persistent storage, history retrieval, export to files, and configuration modification. This mismatch is dangerous because users may invoke what appears to be a simple calculator without realizing it stores potentially sensitive financial data and can write that data elsewhere.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill silently creates and maintains local history and configuration files even though its description presents it as a calculator/planning tool. Persisting financial inputs and outputs expands the data-handling scope and creates privacy and retention risk if other local users, backups, or later commands access this data unexpectedly.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The export feature allows writing saved records to any user-supplied path, which goes beyond a narrow financial calculator function and can overwrite arbitrary files writable by the current user. In an agent setting, this broad file-write capability materially increases risk because a caller can direct output into sensitive shell startup files, app configs, or other operational paths.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The config editing command lets callers modify persistent application behavior, which is broader than core interest calculation and changes future executions. While not inherently malicious, unnecessary mutable state increases attack surface and can be abused to alter formatting, defaults, or downstream behavior in ways users may not expect.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that all calculation history is stored in ~/.compound/data.jsonl, but it does not adequately warn that principal amounts, rates, goals, and results may constitute sensitive financial information. Default persistence of such data can expose private financial details to other local users, backups, logs, or later unintended disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The export command allows calculation history to be written to an arbitrary output path, but the documentation does not warn that this can copy sensitive financial records into less protected locations. That creates a meaningful risk of accidental disclosure through shared directories, world-readable files, synced folders, or overwritten files.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The tool stores financial calculation history locally without warning users in the help text or inline output. Even if the data is not secret by design, undisclosed storage of financial scenarios can expose sensitive personal planning information through local inspection, backups, or shared environments.

Missing User Warnings

Low
Confidence
96% confidence
Finding
Writing exports directly to a caller-controlled path with mode 'w' can overwrite existing files without confirmation. In practice, this can destroy user data or be leveraged by a higher-level agent workflow to modify writable files unrelated to the calculator's purpose.

VirusTotal

66/66 vendors flagged this skill as clean.
