账本

Security checks across malware telemetry and agentic risk

Overview

This bookkeeping skill is mostly coherent, but it gives a remote service write access to sensitive financial records and lists an unrelated messaging tool without enough guardrails.

Review carefully before installing. Only use this skill if you trust moneydata.cn with your personal financial records, are comfortable storing its token and stable identity value, and can confirm every write operation before it updates your ledger. The publisher should remove or clearly justify the send_message tool and add explicit confirmation guidance for income, expense, asset, borrowing, and repayment actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The reference documentation advertises a `send_message` tool that falls outside the stated bookkeeping and asset-management scope. An out-of-scope user-contact capability expands what the skill can do beyond financial record management, increasing the risk of unsolicited messaging, social engineering, or covert user influence if the agent invokes it unexpectedly.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
A user-messaging capability is context-inappropriate for a personal bookkeeping skill because it enables communication actions unrelated to recording or querying finances. In a finance context, this is more dangerous because messages can be used to pressure users, solicit sensitive information, or create misleading financial prompts under the appearance of a trusted bookkeeping assistant.

Vague Triggers

Medium (93% confidence)
Finding
The skill description includes very broad trigger phrases such as 记账, 查交易, 收支, 财富看板, and 账本, which can overlap with ordinary conversation about personal finance. In an agent routing context, this can cause unintended activation of a financial-management skill and lead to unnecessary collection, transmission, or modification of highly sensitive financial data through the remote MCP service.

Missing User Warnings

Medium (88% confidence)
Finding
The document describes multiple write-capable financial operations such as income, expense, asset buy/sell, borrow, and repay, but provides no warning that these calls modify user financial records and may have irreversible consequences. In a personal finance skill, missing transaction-safety guidance materially raises the chance of accidental or unauthorized ledger changes, debt entries, or asset movement records.

VirusTotal

VirusTotal findings are pending for this skill version.
