Back to skill

Security audit

spending-log

Security checks across malware telemetry and agentic risk

Overview

This is a useful local spending tracker, but it asks the agent to set up automatic monthly report delivery and back up sensitive expense reports to a fixed external path without clear opt-in controls.

Review and change the backup location before installing, and do not allow the cron setup unless you explicitly want monthly expense reports generated and sent automatically. Treat the stored JSON, HTML, and CSV files as sensitive financial records, and keep your own backup if you rely on the data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill expands from simple expense logging into external backup and scheduled outbound delivery of reports, including writing to an absolute directory outside the stated local data area. That broader behavior increases data exposure risk for sensitive financial records and introduces persistence and exfiltration-like channels not implied by the core bookkeeping function.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Scheduled task configuration via `openclaw cron` introduces persistent autonomous behavior that continues after initial use. For a bookkeeping skill, this is risky because it can repeatedly access, generate, and send sensitive spending data without a fresh user action each time, increasing the chance of unnoticed disclosure or abuse.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill performs write, edit, and delete operations on local financial records without documenting clear risk warnings or requiring explicit confirmation for impactful changes. Because expense data is sensitive and integrity matters, accidental or manipulated state changes could cause silent data loss or falsified records.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.