ClawHub

Manage PocketSmith transactions, categories, budgets and financial data

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PocketSmith API client for financial data, with sensitive read access and optional writes that are disabled by default.

Install only if you trust this repository with access to your PocketSmith data. Keep POCKETSMITH_ALLOW_WRITES unset unless you are actively making changes, and confirm transaction/category IDs before update or delete operations because deletions and recategorization can affect real financial records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states that Claude Code will 'automatically discover and use this skill when relevant' without defining narrow trigger conditions or requiring explicit confirmation before accessing financial data. For a skill that can read sensitive transaction history and, when enabled, perform writes, broad auto-invocation language increases the chance of unintended activation and privacy-impacting actions.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The natural-language examples are very broad ('Show me my PocketSmith transactions', 'Categorize transaction ...') and encourage the agent to infer when to invoke the skill from ordinary conversation. In a financial context, that can cause overbroad access to account data or accidental categorization changes if the agent triggers the skill without a clear, bounded user request.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents delete operations for transactions and categories without an explicit warning that these actions may be irreversible or cause financial-data loss. In a finance skill, users may run examples directly, and the presence of a write-enable flag reduces accidental writes but does not mitigate the risk once writes are enabled.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal