ClawHub

家庭财务管理系统

Security checks across malware telemetry and agentic risk

Overview

This skill is a local household-finance tracker that stores user-entered records on disk and shows no evidence of network upload, credential access, or hidden behavior.

Install only if you are comfortable storing detailed household financial records as local cleartext JSON files. Use it on a trusted device, back up the data directory if the records matter, and confirm exact record names before asking the agent to delete assets, liabilities, or holdings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger description includes broad everyday phrases such as managing household assets, viewing net worth, cashflow, and reports, which may overlap with normal conversation. Mis-triggering is risky here because the skill handles sensitive financial data and can perform persistent writes, so accidental activation could expose or alter user records.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill documentation says it reads and writes local JSON files for balance sheets, cashflow, and portfolio data, but does not clearly warn users that sensitive personal financial information will be persisted on disk. Because this data includes assets, liabilities, and investment holdings, silent persistence materially increases privacy and security risk if the workspace is shared, backed up, or later accessed by other tools.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes deletion operations for assets, liabilities, and holdings without any stated confirmation, preview, or recovery mechanism. In a financial record-keeping context, accidental or ambiguous deletion can corrupt a user's historical books and materially affect reports such as net worth or health scores.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently stores highly sensitive household financial data (assets, liabilities, cashflow, portfolio) in local JSON files under the user's home directory with no notice, consent flow, retention policy, or access-control hardening. In the context of a family finance skill, silent persistence increases privacy risk because users may reasonably assume conversational data is ephemeral, while local plaintext files can later be read by other local users, backup systems, or malware.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Asset and liability deletion functions remove records immediately with no confirmation, undo support, or safety interlock. In a finance-management skill, accidental or coerced invocation can irreversibly alter net worth and reporting outputs, causing loss of important records and potentially misleading financial decisions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Portfolio holdings can be deleted immediately without any confirmation or recovery path. Because this skill is specifically used for investment tracking, accidental deletion can corrupt portfolio summaries and health reports, leading to incorrect understanding of asset allocation and financial position.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal