ClawHub

abe-expense-tracker-pro

Security checks across malware telemetry and agentic risk

Overview

This expense-tracking skill is coherent and purpose-aligned, but users should understand that expense details are processed and stored through the SkillBoss/HeyBoss service.

Install only if you are comfortable giving the skill a SkillBoss API key and having expense descriptions, budgets, and stored records processed through SkillBoss/HeyBoss services. Avoid entering highly sensitive financial details unless you understand that provider's privacy and retention practices, and verify how to delete or export stored expense data before relying on it long term.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares use of an API key and external API Hub access, but no explicit permissions are declared for environment or network capabilities. This creates a transparency and consent problem: users and reviewers cannot clearly see that expense data may be transmitted externally and that secrets are required to operate the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that expense data persists across sessions in KV storage, but it does not clearly warn users that potentially sensitive financial information will be retained. Because expense logs can reveal habits, subscriptions, health spending, and other personal details, silent persistence increases privacy risk and the chance of unintended long-term data exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The manifest requires an API key and the description references SkillBoss API Hub, but there is no accompanying warning that user expense data may be sent to an external service for processing. This is risky because financial entries may contain sensitive personal information, and users are not told about third-party handling, transmission, or associated privacy implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
User expense descriptions and derived financial data are sent to an external API for parsing and responses, but the code provides no user-facing notice or consent mechanism. Because expense data can contain sensitive financial and behavioral information, undisclosed third-party transmission creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill persists expense records and budgets in storage without any visible disclosure, consent, retention policy, or delete/export controls. Storing financial history increases privacy risk, especially if users are unaware data is retained across sessions.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
78% confidence
Finding
The trigger phrase 'log expense' may conflict with a built-in 'log' command, creating ambiguity over whether the platform or this skill handles the request. While not a direct data-exfiltration flaw by itself, trigger shadowing can misroute user actions and cause unintended invocation of a skill that processes sensitive financial data.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal