ClawHub

Revolut Business

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Revolut Business CLI, but it gives an agent high-impact banking authority with some actions that execute without confirmation and stores refreshable credentials locally.

Install only if you deliberately want an agent-accessible Revolut Business tool. Protect ~/.clawdbot/revolut/, restrict Revolut API permissions and IP allowlists, avoid autonomous use for payments, FX, or transfers, prefer draft payments, and review destination, amount, currency, and export path before running commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def main():
Confidence
95% confidence
Finding
return subprocess.run(cmd, shell=True, capture_output=True, text=True)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The exchange command performs a live currency conversion immediately with no confirmation prompt, preview, or dry-run mode. In a financial automation skill, this raises the risk of accidental irreversible trades from user typo, script misuse, or unsafe agent orchestration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The transfer command initiates internal fund movement without any user-facing confirmation or warning. Even though transfers are between owned accounts, mistakes in source/target account IDs or amounts can immediately move funds and disrupt business operations.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The export command can write sensitive transaction data, including merchant details and card-related fields, to any caller-specified path with no sensitivity warning or path restrictions. In an agent skill context, this increases the chance of accidental disclosure into shared workspaces, logs, synced folders, or insecure locations.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script stores OAuth tokens on disk in tokens.json without setting restrictive file permissions or clearly warning the user that bearer tokens will persist locally. On multi-user systems or weakly protected home directories, another local user or process could read the file and gain API access.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal