ClawHub

Watch My Money

Security checks across malware telemetry and agentic risk

Overview

This finance skill is mostly local and user-directed, but its report template quietly loads Google Fonts despite claiming no network calls.

Install only if you are comfortable with local copies of your transaction history and reports being saved under ~/.watch_my_money/. Do not treat the privacy toggle as redaction for sharing. The main review issue is that generated reports load Google Fonts despite the skill's no-network privacy claim; use offline/system fonts or block external requests if you need strict local-only handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The template imports Google Fonts from an external domain, which creates an outbound network request when a user opens a report. In a financial-analysis skill, this leaks metadata such as IP address, user agent, and report-open timing to a third party, which conflicts with the expectation of local/private handling of transaction data.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are very broad, natural-language finance queries that overlap with common user intents, which increases the chance the skill will activate unexpectedly on sensitive banking discussions. In a finance context, unintended invocation is more dangerous because users may provide transaction histories, budgets, and merchant data without realizing a persistent analysis/reporting skill was engaged.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly stores sensitive financial data, reports, and merchant history under the user's home directory, but the documentation does not clearly warn about retention duration, what exact data is persisted, or the consequences of local compromise/shared accounts. For banking data, silent persistence materially raises privacy and exposure risk because transaction histories and generated HTML/JSON reports can reveal spending patterns, merchants, income, and recurring obligations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The copySummary function places financial totals onto the system clipboard with no warning about sensitivity or persistence. Clipboard contents may be exposed to other apps, pasted into the wrong destination, or remain available longer than the user expects, which is risky for personal finance data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal