Expense Tracker v2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent expense-tracking skill, but users should be careful with its password handling, local expense file, and optional cloud backends.

Install only if you are comfortable storing expense data locally or in the selected provider. Prefer the local backend if you do not want records sent off-device, use least-privilege Notion/Supabase credentials, and avoid `expense-tracker pass <password>`; use an interactive prompt or safer secret handling instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill documentation explicitly describes use of networked backends such as Notion, Google Sheets, and Supabase, but no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: users and any permission framework may not realize the skill can transmit financial records and API credentials to external services.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding: The skill writes potentially sensitive financial records to a local JSON file in the user's home directory without explicit disclosure, permission, or protective file-permission handling. In a skill context, silent persistence of personal finance data can expose private information to other local users, backup systems, or malware scanning predictable locations.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The skill transmits detailed expense records, including notes and categories, to third-party services such as Notion and Supabase without an explicit just-in-time warning. Because this is a personal finance skill, those fields may contain sensitive spending habits or personal notes, and sending them off-device increases privacy and compliance risk if the user is not clearly informed.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: Accepting the master password via command-line argument exposes it to shell history, process listings, audit logs, and potentially other local users or monitoring tools. Since this password protects stored backend credentials, leakage can lead to decryption of API keys and broader compromise of linked services.

VirusTotal

64/64 vendors flagged this skill as clean.