智能记账本

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local expense-tracking skill that stores records on disk, with privacy caveats users should understand.

Install only if you are comfortable with expense history being saved locally in a JSON file. On shared machines, review file permissions and delete or protect data.json when needed. Consider using explicit phrasing such as “记账...” to avoid accidental entries from broad trigger words.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 80% confidence
Finding
The trigger phrases shown in the usage guide are generic verbs such as '记录', '添加', '查询', and '统计' without any documented namespace, confirmation step, or scope constraint. In an agent environment, overly broad triggers can cause unintended invocation or interception of normal user messages, leading to accidental recording or disclosure of financial data.

Missing User Warnings

Medium, 88% confidence
Finding
The skill mentions local JSON storage as a feature, but the introductory description does not clearly warn users that potentially sensitive expense data will be persisted on disk. This can create privacy and data-handling risks because users may assume ephemeral processing and unknowingly store personal financial history locally.

Missing User Warnings

Medium, 90% confidence
Finding
The skill persists expense records, which include financial amounts, dates, categories, and free-text descriptions, to a local JSON file without any notice, consent flow, or retention disclosure. In a multi-user, shared-device, or managed environment, this can expose sensitive personal finance data to other local users, backups, or support personnel unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
