ClawHub

Personal Finance Mastery

Security checks across malware telemetry and agentic risk

Overview

This is a text-only personal finance planning skill that handles sensitive financial topics but shows no hidden code, account access, exfiltration, or unsafe install behavior.

Install only if you want an agent to help organize personal finance planning. Do not enter passwords, recovery phrases, full account numbers, tax IDs, or unnecessary personal identifiers. Keep any generated finance files in an encrypted, private location, and require explicit approval before connecting banking, brokerage, tax, or file-system tools or before making any real payments, transfers, trades, rebalancing, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly encourages daily, weekly, monthly, and quarterly automation over highly sensitive financial data, including transaction categorization, balance checks, net worth tracking, and unusual-spending detection, but provides no privacy notice, consent boundary, retention guidance, or secure handling requirements. In a personal-finance skill, this omission is meaningful because users may expose account balances, spending patterns, debts, and investment data to an agent without understanding storage, access, or sharing risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proposed file structure directs storage of net worth snapshots, budgets, insurance coverage, estate checklists, and review documents that could reveal account balances, liabilities, beneficiaries, and other sensitive personal information, yet it gives no warning about secure storage or access control. This is especially dangerous because estate-related files and financial records are high-value targets for identity theft, fraud, social engineering, and account takeover if stored insecurely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal