expense-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward expense logger that sends parsed expense details to the user’s configured Notion database.

Install only if you are comfortable storing expense details in Notion. Use a dedicated Notion integration shared only with the intended expense database, keep the token private, rotate it if exposed, and avoid entering unnecessary sensitive notes in expense descriptions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill description says it will 'log daily expenses to Notion' and 'writes it to your Notion database,' but it does not clearly warn users up front that natural-language messages they type will be transmitted to and persisted in a third-party service. Because expense data can contain sensitive personal and financial details, users may disclose more than intended if the write behavior and retention implications are not made explicit before use.

Missing User Warnings
Severity: Medium
Confidence: 97%
Finding: The setup instructions tell users to export a Notion API key but do not warn that it is a sensitive credential that grants access to the connected workspace/database. Without guidance to protect, scope, and avoid exposing the token, users may leak it through shell history, screenshots, logs, or accidental sharing, enabling unauthorized reads or writes to their Notion data.

Missing User Warnings
Severity: Medium
Confidence: 77%
Finding: The skill sends expense descriptions, amounts, bank labels, and dates to Notion without any runtime consent, confirmation, or prominent user-facing notice at the moment of submission. In an agent setting, this can cause unintended disclosure of personal financial information to a third-party SaaS if the user does not realize that logging means remote transmission and storage.

VirusTotal

66/66 vendors flagged this skill as clean.