Security audit

Family Ledger

Security checks across malware telemetry and agentic risk

Overview

This is a local family bookkeeping skill that clearly uses shared JSON ledger files, with ordinary privacy and data-loss risks but no evidence of hidden or malicious behavior.

Install only if you are comfortable storing household finance and identity mapping data in ~/.openclaw/workspace/shared/ledger/. Restrict access to that shared folder, keep versioned backups of the JSON files, and review entries when commands are ambiguous or when updating loan and reimbursement status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly instructs the agent to overwrite shared JSON ledger files during normal operation, but it does not require any user-facing confirmation or warning before modifying shared household financial data. In a multi-user shared workspace, this can lead to accidental data loss, record corruption, or unauthorized changes if a request is ambiguous or spoofed.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill automatically reads sender_id metadata and maps it to real names from a shared file without disclosing this behavior to users. This creates a privacy risk because users may not realize that message metadata is being used to identify them and attach personally identifiable information to financial records.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.