Revenue Tracker

Security checks across malware telemetry and agentic risk

Overview

This looks like a real revenue tracker, but it can persist sensitive financial data and prompt sharing it with external tools without clear approval controls.

Install only if you want an agent-managed financial ledger and understand that revenue details may be stored in multiple workspace files and prepared for Google Sheets, Notion, and Telegram updates. Before use, set exact approved destinations, use limited-purpose accounts, require confirmation for external sync or alerts, avoid client names or secrets in descriptions, and fix the undeclared logging paths if strict confinement matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The documentation says learnings are written to /workspace/revenue/data/learnings.jsonl, but the declared writable paths omit that file and instead allow writes to /workspace/.learnings/LEARNINGS.md. This inconsistency can cause the agent to write sensitive revenue intelligence to an unintended location, fail open into broader tools/workflows, or bypass expected path restrictions during operation.

Intent-Code Divergence

Low
Confidence: 81%
Finding
The error-handling section instructs writes to ERRORS.md, but that file is not declared in permissions and is inconsistent with the rest of the logging design. While not directly enabling code execution, this kind of undocumented write target weakens confinement guarantees and can lead agents to create or append files outside the reviewed data flow.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill writes user-provided revenue learning content into a global workspace learning log outside the skill’s own data directory. That creates unintended cross-skill data propagation and can expose sensitive business notes or prompt-influencing content to unrelated agents or tools that consume the shared log.

Context-Inappropriate Capability

Low
Confidence: 84%
Finding
Audit and error messages are written to global workspace files rather than staying within the revenue tracker’s private directory. This broadens visibility of operational data and may leak business activity, file paths, parsing failures, or descriptions to unrelated components with access to those shared logs.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README states that after every revenue event the skill will trigger external updates to Google Sheets or Notion and send Telegram alerts, but it does not clearly warn users that potentially sensitive financial data may be transmitted to third-party services automatically. In an autonomous-agent context, this increases the risk of unintended data exfiltration, privacy violations, and surprise side effects because an operator may invoke a local tracking command without realizing it initiates outbound actions.

Vague Triggers

Medium
Confidence: 84%
Finding
The on-demand trigger phrase 'show me the revenue dashboard' is broad enough to overlap with normal conversation, increasing the chance that the skill activates when a user is merely discussing reporting. In this skill's context, accidental activation can expose or propagate sensitive financial data through dashboards, files, or downstream integrations.

Missing User Warnings

Medium
Confidence: 91%
Finding
The description mentions Telegram alerts but does not clearly warn that potentially sensitive revenue data may be transmitted through the agent's Telegram integration. Users and operators may not realize that business metrics, milestones, anomalies, or client-linked financial events could leave the local workspace boundary.

Missing User Warnings

Medium
Confidence: 95%
Finding
Recording a revenue event automatically persists the event locally and prints structured instructions containing financial details for replication into external systems, without consent gating or disclosure controls. In an autonomous-agent context, that increases the chance of unintended data disclosure to Google Sheets, Notion, terminal logs, or downstream tooling that monitors stdout.

Ssd 3

Medium
Confidence: 94%
Finding
The skill routes detailed revenue, KPI, and potentially client-associated data into Google Sheets, Notion, local dashboards, and Telegram-readable summaries in plain language. This materially increases the risk of sensitive business data leakage, especially because the downstream agent actions are framed as automatic and may occur without granular redaction or approval.

Ssd 3

Medium
Confidence: 92%
Finding
The weekly routine explicitly instructs the agent to collect fresh revenue metrics and learnings and then send a Telegram summary. Because learnings may contain strategy performance, acquisition insights, and commercial data, this workflow creates a recurring exfiltration path for sensitive operational intelligence.

VirusTotal

66/66 vendors flagged this skill as clean.
