PocketLens
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: pocketlens
Version: 1.0.0

The skill presents a potential shell injection vulnerability in `SKILL.md`, which instructs the AI agent to execute `node pocket-lens.mjs create-transaction '<JSON>'`. The JSON argument is built from potentially untrusted input (Vision AI output or user messages). `SKILL.md` does attempt to guide the agent to quote the JSON, and `pocket-lens.mjs` parses it with `JSON.parse()` (which is safe as a JSON parser), but the intermediate step of passing an unvalidated, AI-generated string to a shell command is a known attack vector: if the agent fails to properly escape shell metacharacters within the JSON string, the argument can break out of its quoting, potentially leading to arbitrary command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A misread receipt, a screenshot shared for another reason, or an incorrect Vision extraction could create unintended or inaccurate financial records in the user’s PocketLens account.
Description: The skill directs the agent to turn payment-looking images into API write operations, including multiple transactions, without requiring the user to review and approve the extracted merchant, amount, date, or category first.
Evidence (SKILL.md): "When a user sends an image that appears to be a receipt, credit card statement, bank notification, or any payment-related screenshot ... For each parsed transaction, call the PocketLens API using the helper script: node pocket-lens.mjs create-transaction '<JSON>'"
Recommendation: Require a confirm-before-create flow: show the extracted transactions and total, wait for explicit user approval, and ideally create them as pending or provide an undo path.
Risk: If the API key is leaked or misused, someone may be able to create or access financial records, depending on the key’s permissions.
Description: The skill expects a credential that can mutate the user’s PocketLens account, and the documentation allows a full-permission key even though least privilege is safer.
Evidence (SKILL.md): "Set the permission to **write** (or **full**)."
Recommendation: Use the least-privileged PocketLens key that supports the needed operations, avoid full permission unless truly required, and rotate the key if it may have been exposed.
Risk: Uploaded images may contain personal financial details beyond the transaction being recorded, and those details may be visible to the model/tooling and to the PocketLens service.
Description: Sensitive receipt, card-statement, and banking screenshot data is processed through a Vision AI/tool flow and then sent to PocketLens. This is the advertised function, but it involves sensitive financial information crossing service boundaries.
Evidence (SKILL.md): "The assistant will: 1. Analyze the image using Vision AI. 2. Extract merchant name, amount, date, and card info. 3. Submit the transactions to PocketLens."
Recommendation: Only upload images you intend to process, crop or redact unrelated details where possible, and review PocketLens/OpenClaw data handling policies.
