ClawHub

Insurance Advisor

Security checks across malware telemetry and agentic risk

Overview

This looks like a local insurance tool, but it also includes an under-disclosed finance logging script that can store and export sensitive user entries in plaintext.

Review the scripts before installing. Use only if you are comfortable with plaintext local history and exports under ~/.local/share/insurance-advisor, and avoid entering health conditions, claim details, policy numbers, beneficiary information, tax notes, or detailed financial data unless you are prepared to manage or delete those files yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The advertised skill is an insurance advisor, but the implemented commands are a broad personal-finance logging utility. This mismatch can mislead users and downstream agents into supplying unrelated sensitive financial data under false expectations, increasing privacy and trust risk even without direct code execution.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Tax-note and budget-check capabilities are outside the stated insurance-advisor purpose and expand the surface for collecting sensitive personal financial information. In a skill expected to handle insurance guidance, this unnecessary scope creep makes over-collection and misuse more likely.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script includes export, search, status, recent, and history features that expose accumulated user inputs from local storage. Because the tool persistently logs natural-language financial entries, these retrieval and export functions create a straightforward data disclosure channel if another local user, process, or agent can invoke the script.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The header labels the tool as an insurance advisor, but the behavior is closer to a generic finance logger. This deceptive labeling weakens informed consent and can cause users to reveal broader financial details than they intended for an insurance-focused workflow.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
User-provided inputs are written verbatim to persistent log files, and in this context those inputs may contain sensitive insurance, health, or financial details. The script gives no meaningful warning, consent flow, retention limit, or protection mechanism, so confidential information may be stored unexpectedly and later exposed.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The export feature aggregates all logged entries into json, csv, or txt files on disk, making sensitive financial history easier to copy, exfiltrate, or accidentally disclose. In an insurance-advice context, exported content may include highly personal details that users do not expect to be bundled into reusable plaintext files.

Ssd 3

Medium
Confidence
98% confidence
Finding
The script is built around retaining all user inputs and then providing built-in commands to search, display, summarize, and export that data. This creates a natural-language data retention and disclosure pathway that is especially risky for an insurance skill, where users may provide health, beneficiary, claim, or financial information assuming advisory use rather than indefinite storage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal