ClawHub

Finance Automation

Security checks across malware telemetry and agentic risk

Overview

The skill matches its finance automation purpose, but it exposes sensitive finance-changing API routes without implemented authentication, so users should review and harden it before installation.

Install only after adding real authentication and role-based authorization to all /api routes, keeping tunnels limited to webhook testing, using sandbox payment keys first, protecting the .env file and SQLite database, and reviewing exactly what customer/payment details are sent to Telegram or email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide instructs users to place a Telegram bot token directly into a curl URL and send it to an external service without any warning about shell history, terminal logging, screenshots, or shared-session leakage. While this is a common API testing pattern, embedding bearer-style secrets in command lines increases the chance of accidental credential exposure and unauthorized bot access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill handles highly sensitive financial workflows including payments, invoices, expenses, revenue reports, and Telegram notifications, but the description provides no user-facing warning about financial data sensitivity, webhook trust boundaries, or external data sharing. This increases the risk of unsafe deployment or misuse because operators may expose customer/payment data, misconfigure notifications, or assume the automation is safe for production without understanding security and privacy implications.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal