GridTRX

Security checks across malware telemetry and agentic risk

Overview

GridTRX is a coherent local accounting tool, but it gives agents direct authority to import, delete, and close financial records without enough built-in confirmation guidance.

Install only for a dedicated GRIDTRX_WORKSPACE and treat it as write-capable accounting software, not a read-only helper. Keep backups of every books.db and require explicit approval before imports, deletes, rule changes, lock/ceiling changes, report layout edits, exports, or year-end rollover. Do not share the database by email or other insecure channels unless the user explicitly approves and understands it may contain sensitive financial data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings (Medium, 84% confidence)

Finding:
The documented delete command removes transactions and the README does not mention any confirmation step, dry-run mode, or requirement for explicit operator approval. In an AI-agent-oriented CLI, this increases the chance of accidental or unauthorized destructive actions that can alter financial records, especially because the tool supports chained one-shot workflows.

Missing User Warnings (Medium, 86% confidence)

Finding:
The README explicitly describes an agent deleting old entries, re-importing data, and otherwise performing bookkeeping changes, but it does not pair those destructive capabilities with guidance for confirmation, review checkpoints, backups, or least-privilege operation. In an agent-driven accounting context, this increases the chance of silent data loss or unintended ledger tampering, especially because financial records are sensitive and auditability matters.

Missing User Warnings (Medium, 92% confidence)

Finding:
The README lists multiple write-capable MCP tools, including deletion, importing, account/rule creation, year-end rollover, and lock-date modification, without an explicit warning that these tools can materially alter accounting books. Because the skill is marketed for autonomous agent use, omission of safety guidance makes misuse more dangerous: an LLM agent or integrator may expose these tools without implementing confirmations or authorization boundaries.

Vague Triggers (Medium, 87% confidence)

Finding:
The activation guidance is overly broad: phrases like 'do the books,' 'categorize expenses,' and 'import bank transactions' can overlap with ordinary conversation and may cause the skill to be invoked in contexts the user did not clearly intend. Because the skill has write-capable tooling and operates on financial records, accidental invocation could lead to unintended imports, rule creation, or data modification if an agent auto-runs recommended workflows.

Missing User Warnings (Medium, 94% confidence)

Finding:
The workflow instructs the agent to 'Delete each suspense transaction, then re-import' without requiring explicit user confirmation, dry-run output, or backup creation. In an accounting context, deleting transactions is a destructive operation that can remove audit trail data, and a mistaken deletion could materially alter books before the user notices.

Missing User Warnings (Medium, 95% confidence)

Finding:
The recovery section again recommends deleting transactions one by one as the primary remediation path, but provides no explicit warning, confirmation gate, or requirement to verify the matched transactions before deletion. In a financial ledger, this creates risk of accidental data loss, corrupted auditability, and incorrect financial statements if the wrong records are removed.

Vague Triggers (Medium, 89% confidence)

Finding:
The instruction to 'email' the SQLite accounting database encourages transmission of a file likely containing sensitive financial and possibly personal data, without any constraint, approval check, or secure-transfer guidance. In an agent-oriented skill, this is more dangerous because an autonomous system may operationalize the suggestion and send confidential books through insecure or unauthorized channels.

Missing User Warnings (High, 95% confidence)

Finding:
The skill explicitly normalizes emailing the full accounting database but provides no privacy, confidentiality, or sensitivity warning. Because the product is designed for AI agents and stores all books in a single local SQLite file, this can lead to unreviewed exfiltration of highly sensitive client financial records if an agent follows the instruction literally.

VirusTotal

64/64 vendors flagged this skill as clean.