Budget & Expense Tracker

Security checks across malware telemetry and agentic risk

Overview

This budget-tracking skill is coherent and local-first, with sensitive financial-file handling that users should manage carefully.

Install only in a workspace you control. Treat the generated budget JSON/CSV files as private financial records, review parsed transactions and recurring rules before relying on reports, avoid committing ledgers to shared or public repositories, and use manually supplied exchange rates if you want to preserve the stated no-external-API privacy model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill promises that all financial data stays local and that no external APIs are used, yet it also specifies foreign-currency conversion at the current rate, which normally requires an external data source unless rates are manually provided or preloaded. This mismatch can mislead users about data flows and privacy expectations, especially for highly sensitive financial records.

Vague Triggers

Medium
Confidence: 80%
Finding
The activation logic is overly broad: 'when a user says something about money' can cause the agent to parse ordinary conversation as a command and persist sensitive financial data without sufficiently explicit user intent. In a finance-tracking skill, accidental capture or modification of personal records is a meaningful security and privacy risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill stores detailed financial data locally and supports export, but it does not provide an explicit warning about sensitivity, access controls, or the risks of exporting/committing files. Users may expose account activity, merchants, income, and goals through insecure file permissions, accidental sharing, or repository commits.

VirusTotal

66/66 vendors flagged this skill as clean.
