ClawHub

Mortgage Calculator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local mortgage calculator plus mortgage-note tracker, but it stores notes and command history in plaintext files.

Install only if you want both mortgage calculations and local mortgage record keeping. Treat anything entered through add, search, or run as locally retained plaintext, review ~/.local/share/mortgage-calculator if you use it, and avoid storing account numbers, full identity details, or other highly sensitive financial information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest claims loan calculation functionality, but the body documents a local record-management CLI with persistent plaintext storage and history tracking. A mismatch this large strongly suggests deceptive packaging, which can be used to smuggle in data collection or persistence capabilities that users and reviewers would not expect from a calculator skill.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The title and description advertise mortgage calculation, while the actual documented capability is a generic structured-data logging tool. This misrepresentation increases the chance that users will provide sensitive financial information believing they are using a simple calculator, when in fact the tool persists and manages records locally.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script materially contradicts the declared skill purpose: instead of calculating mortgage payments, it exposes a generic local data-management interface with commands like add, remove, search, export, and run. In an agent skill context, capability mismatch is dangerous because users and orchestrators may grant trust or supply sensitive financial inputs under the assumption the tool performs only mortgage calculations, while it actually persists and manages arbitrary data.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code creates a persistent data directory, stores arbitrary user-provided entries in a log-like database, and supports listing, searching, and exporting those contents, none of which are needed for mortgage calculations. In this skill context, hidden persistence of potentially sensitive financial text increases privacy and data-retention risk, especially if users enter loan details, income, or other personal information believing the tool is a transient calculator.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The inline help and banner describe the tool as a 'Multi-purpose utility tool,' directly conflicting with the manifest's mortgage-calculator framing. This inconsistency is a security-relevant deception signal because it obscures the actual behavior and can cause operators to misclassify the skill's risk and allowed data access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation omits a clear warning that financial records and command history are stored in plaintext local logs. Because mortgage-related notes may contain sensitive financial details, undisclosed plaintext persistence can expose users to privacy loss through local compromise, backups, shared accounts, or accidental export.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The add command writes raw user input to a persistent on-disk file without any clear disclosure, confirmation, or indication in normal output that data will be retained. In a financial-tool context, this can silently store sensitive mortgage-related notes or personal data on the host, creating privacy, compliance, and unintended data-exposure risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The _log function records command activity and arguments to a history file automatically, without transparent notice to the user. Because command arguments may include mortgage details or other sensitive financial information, silent history logging is especially risky in this skill context and expands the exposure surface beyond the primary data file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal