Security audit

spending-log

Security checks across malware telemetry and agentic risk

Overview

This is a useful local spending tracker, but it asks the agent to set up automatic monthly report delivery and back up sensitive expense reports to a fixed external path without clear opt-in controls.

Review and change the backup location before installing, and do not allow the cron setup unless you explicitly want monthly expense reports generated and sent automatically. Treat the stored JSON, HTML, and CSV files as sensitive financial records, and keep your own backup if you rely on the data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The skill expands from simple expense logging into external backup and scheduled outbound delivery of reports, including writing to an absolute directory outside the stated local data area. That broader behavior increases data exposure risk for sensitive financial records and introduces persistence and exfiltration-like channels not implied by the core bookkeeping function.

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: Scheduled task configuration via `openclaw cron` introduces persistent autonomous behavior that continues after initial use. For a bookkeeping skill, this is risky because it can repeatedly access, generate, and send sensitive spending data without a fresh user action each time, increasing the chance of unnoticed disclosure or abuse.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill performs write, edit, and delete operations on local financial records without documenting clear risk warnings or requiring explicit confirmation for impactful changes. Because expense data is sensitive and integrity matters, accidental or manipulated state changes could cause silent data loss or falsified records.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.