Finance Autopilot

Security checks across malware telemetry and agentic risk

Overview

Finance Autopilot handles sensitive personal finance details, but the reviewed artifact is an instruction-only skill whose data use is disclosed and aligned with its budgeting purpose.

Install only if you are comfortable giving the agent receipts, bills, income, budgets, subscriptions, and spending history. Use it in a private account or device, avoid forwarding documents with unnecessary account identifiers, and confirm how to review, delete, or reset stored finance records before relying on ongoing reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger map uses broad natural-language phrases such as "How am I doing this month" and "Help me save more" without clear activation boundaries, making accidental invocation plausible during ordinary conversation. In a finance skill, unintended activation can expose or summarize sensitive financial data at the wrong time or in the wrong conversational context.

Vague Triggers

Medium
Confidence: 88%
Finding
The instruction to trigger on "Forward any receipt, invoice, or billing email" is ambiguous and lacks scope controls around what content may be ingested, stored, or parsed. Receipts and billing emails routinely contain addresses, account numbers, partial card data, and merchant metadata, so overly permissive intake increases the risk of unnecessary collection and retention of sensitive financial information.

Vague Triggers

Medium
Confidence: 81%
Finding
The skill specifies automatic actions like generating reports on the 1st of each month and reminders every Monday morning, but does not define consent, delivery channel, or visibility constraints. Scheduled proactive disclosures can surface private financial information at unsafe times, including shared devices, shared inboxes, or contexts where other people can observe the output.

Vague Triggers

Medium
Confidence: 84%
Finding
The unusual-spending module is described as running automatically after every logged expense, creating an always-on monitoring flow without clear limits on analysis, retention, or user consent. Continuous behavioral profiling of spending patterns is especially sensitive in a personal finance context and can reveal habits, health-related purchases, travel, or other intimate lifestyle details.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description encourages users to forward bills and receipts but does not prominently warn that this exposes highly sensitive financial data to the agent for parsing and storage. Because the skill is explicitly designed around personal finance, missing upfront disclosure materially increases the chance that users will share more data than they realize, including identifiers and transaction history.

VirusTotal

64/64 vendors flagged this skill as clean.
