ClawHub

Loan Calculator

Security checks across malware telemetry and agentic risk

Overview

The skill includes a real loan calculator, but it also ships an unrelated utility script that can store user input locally without clear disclosure.

Review before installing. Use only the loan-specific calculator script for calculations, avoid entering sensitive personal or financial information into the generic add/run utility commands, and check the local loan-calculator data directory if you test the bundled utility script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implemented script is materially inconsistent with the declared skill purpose: instead of performing loan calculations, it acts as a generic local data collection and logging utility. That mismatch is dangerous because users may invoke it expecting financial calculations while it silently stores arbitrary inputs and operational history, creating undisclosed data collection behavior under a misleading cover story.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The inline description and CLI help explicitly present the tool as a 'Multi-purpose utility tool,' which directly contradicts the manifest's loan-calculator identity. This discrepancy increases suspicion of deceptive packaging and can mislead reviewers and users about the true behavior of the skill, especially when combined with persistent logging features.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The logging helper writes user-influenced command arguments to a persistent history file without any disclosure in the interface or help output. In skill contexts, users may provide sensitive financial information, so silent retention of inputs and actions can expose personal data on disk and violate least-surprise/privacy expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The add command appends arbitrary user input directly into a persistent local database file and echoes it back, but the tool does not warn that the data will be stored. Given the claimed loan-calculator context, users could reasonably enter sensitive financial notes or identifiers, making undisclosed persistence more dangerous than in a clearly labeled note-taking utility.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal