investment-tracker-app

Security checks across malware telemetry and agentic risk

Overview

This investment tracker is coherent, but it handles sensitive financial screenshots and local financial records with under-scoped privacy and network-exposure guidance.

Install only if you trust the companion backend and the configured AI provider. Keep the backend bound to localhost unless you add access controls, redact account identifiers before uploading screenshots, protect the API key, and review every proposed write, rollback, or deletion before confirming.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly encourages users to upload brokerage holding screenshots to third-party AI vision providers, but it does not clearly warn that these images may contain sensitive financial information such as account holdings, balances, and possibly identifying metadata. In a portfolio-management skill, this omission is security-relevant because users may unknowingly transmit confidential investment data to external services with different retention, logging, or jurisdictional practices.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase “更新持仓” ("update holdings") is overly broad and overlaps with other portfolio-management intents, so an agent may incorrectly enter the screenshot-import workflow when the user only meant a generic holdings update. In this skill, that matters because the workflow performs an automatic upload/analysis step before the explicit confirmation gate for persistence, creating unnecessary data exposure and action confusion.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrase “历史记录” ("history") is ambiguous and can match diary history, equity curve history, or import snapshot history. That ambiguity can steer the agent into the wrong workflow and, in this section, may tee up rollback or deletion operations against import snapshots after an imprecise user request.

VirusTotal

66/66 vendors flagged this skill as clean.
