智能自动记账

Security checks across malware telemetry and agentic risk

Overview

This bookkeeping skill is not malicious, but it should be reviewed because it can record, reveal, report, and delete personal financial data from broad conversational triggers.

Install only if you are comfortable with an agent managing a local personal finance ledger. Use explicit commands, review parsed entries before saving, and avoid relying on the delete/report flows unless you add confirmation or backup behavior. The package also appears incomplete because it references Python scripts that were not included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill advertises very broad trigger phrases such as '买了', '收到', '支出', and '收入' that commonly appear in ordinary conversation. In an agent environment, this can cause accidental invocation and unintended financial data capture or actions when the user did not intend to use the bookkeeping skill.

Vague Triggers

Medium
Confidence: 95%
Finding
The instruction to parse '任何类似记账的话' is overly permissive and leaves invocation boundaries undefined. This increases the chance that unrelated user messages are interpreted as bookkeeping commands, leading to mistaken records and possible follow-on actions without clear user intent.

Vague Triggers

Medium
Confidence: 91%
Finding
Query examples like '看看' and generic mentions of '账单' or spending can overlap with normal conversational language. This may expose personal financial records in contexts where the user was speaking generally rather than requesting a ledger lookup.

Vague Triggers

Medium
Confidence: 90%
Finding
Report-generation triggers like '报告', '月报', and '可视化' are vague and likely to collide with unrelated requests. Because report generation creates and surfaces an HTML artifact, accidental invocation can unnecessarily expose aggregated private financial data and create files the user did not intend to generate.

Vague Triggers

High
Confidence: 97%
Finding
Deletion is a destructive action, yet the documented triggers include ambiguous everyday phrases like '撤销' and '删掉第5条'. In a conversational agent, ambiguous deletion intents can cause unintended loss of financial records, especially if the skill acts without a strong confirmation step tied to the exact record ID.

VirusTotal

64/64 vendors flagged this skill as clean.
