ClawHub

Bill Tracker

Security checks across malware telemetry and agentic risk

Overview

This bill-tracking skill appears purpose-aligned, but it handles sensitive financial data and should only be used with a trusted HTTPS service and protected session token.

Install only if you trust the Bill Tracker service you configure. Use an HTTPS BILL_TRACKER_URL, keep the session token private, avoid pasting sensitive financial details unless needed, and have the agent JSON-encode request bodies rather than raw-interpolating user input into shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to send highly sensitive financial data and a long-lived session token to an external Bill Tracker service, but it does not provide a clear user-facing warning or require explicit user consent before transmission. In an agent setting, this can cause users to unknowingly expose account balances, bills, and authentication material to a remote endpoint, especially if the configured URL is third-party or compromised.

External Transmission

Medium
Category
Data Exfiltration
Content
1. Request a verification code (sent to email):
```bash
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"email":"user@example.com"}' \
  "${BILL_TRACKER_URL}/api/mcp/request-code"
```
Confidence
89% confidence
Finding
curl -s -X POST -H "Content-Type: application/json" \ -d '{"email":"user@example.com"}' \ "${BILL_TRACKER_URL}/api/mcp/request-code" ``` 2. Exchange the code from your email for a session token:

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal