ClawHub

purchase-record

Security checks across malware telemetry and agentic risk

Overview

The skill matches its purchase-logging purpose, but it needs Review because it runs purchase text through a shell command and automatically modifies a local Excel file.

Install only if you trust the publisher and are comfortable with the skill changing the specified Excel file whenever a matching purchase command is issued. Before using it with real records, replace the shell-based exec call with spawn or execFile argument arrays, make the workbook path configurable, and add a confirmation or preview step before writing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill launches an external Python process using `child_process.exec` and builds the command line with user-controlled input (`message`). Escaping only double quotes is not sufficient to prevent shell metacharacter injection on Windows, so a crafted command could break out of the intended argument context and execute arbitrary OS commands; the hard-coded absolute path also unnecessarily exposes host filesystem details.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The help text discloses a specific absolute path to a local Excel file on the host system. While not directly enabling code execution, this leaks environment and username information that can aid reconnaissance and make targeted attacks against the host easier.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that user input will be automatically written to a local Excel file, but it does not clearly warn that invoking the skill causes persistent modification of a specific desktop file. This creates a meaningful safety and integrity risk because users may not realize the skill performs filesystem writes, and an agent could alter local business records without explicit informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states it will automatically append purchase information to a local Excel file, but it does not warn the user that local data will be modified or require explicit confirmation before writing. This creates a real safety and integrity issue because users may trigger unintended file changes, and the hardcoded desktop path increases the risk of silently altering sensitive local records.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal