AgentLedger

Security checks across malware telemetry and agentic risk

Overview

AgentLedger is a local expense-tracking skill whose file access is sensitive but aligned with its stated purpose.

Install only if you want a local financial ledger. Treat its ledger files, backups, Privacy.com imports, and CSV/JSON exports as sensitive financial records; avoid storing card numbers or passwords; and only import from or export to paths you intend to use. Verify the command paths in the installed package because the reviewed artifact layout does not match all documented src/ references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The exportTransactions function accepts a caller-supplied filePath and passes it directly to fs.writeFile with no path validation or confinement to the ledger workspace. In an agent setting, this allows transaction data to be written to arbitrary local files, which can overwrite unrelated files or exfiltrate sensitive financial records into attacker-chosen locations if an untrusted prompt or tool invocation controls the destination.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README encourages importing Privacy.com exports but does not clearly warn that the imported file may contain sensitive financial transaction data that will be ingested and stored locally in the ledger. In an agent-oriented skill, this omission increases the chance that an autonomous agent or user will process sensitive financial records without informed consent, creating privacy, retention, and accidental disclosure risks.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The code writes sensitive transaction data to any supplied path without warning, consent, or disclosure, increasing the risk of silent data exposure. Because this skill handles financial audit data, an agent or attacker influencing arguments could export records to unintended locations where other processes or users may access them.

VirusTotal

64/64 vendors flagged this skill as clean.