ClawHub

Budget

Security checks across malware telemetry and agentic risk

Overview

This is a local-only budgeting helper with disclosed financial-data storage and no evidence of hidden network, credential, or account access.

Install only if you are comfortable storing budget, income, merchant, and expense details in local files under ~/.openclaw/workspace/memory/budget. Review any missing helper scripts before adding them, and use explicit confirmation or backups before deleting, exporting, or changing stored budget records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to read and write local files under `memory/budget/`, but no permissions are declared. This creates a capability/permission mismatch that can undermine platform controls, make security review harder, and allow unintended access or persistence of sensitive financial data if the runtime honors the described behavior.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger phrase "Create a budget for me" is broad and may be invoked by generic requests that lack sufficient budgeting context, increasing the chance the agent routes unrelated conversations into this skill. In a financial-management skill, mistaken activation can cause inappropriate collection or modification of sensitive budget data and degrade trust through incorrect financial guidance or actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes both single-delete and bulk-delete commands for financial records without any warning, confirmation, preview, or rollback guidance. In a budgeting skill, deletion of expense history can materially distort budgets, trends, and reports, and an accidental or manipulated invocation could cause irreversible loss of locally stored financial data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The markdown presents budget-modifying commands such as reallocation and budget updates as straightforward executable steps without an explicit warning that they alter persistent financial records. In an agentic environment, this increases the risk that tooling or downstream implementations perform state-changing actions based on conversational context without clear user confirmation, leading to unauthorized or accidental modification of sensitive personal finance data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented export commands create local CSV/JSON files containing detailed personal financial data, but the skill provides no warning that these artifacts persist on disk and may be readable by other local users, backups, sync tools, or later processes. In a privacy-first budgeting skill, silent persistence of sensitive spending history and income data materially increases confidentiality risk even without any network exfiltration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal