
Security audit

Clawhub Skill Llm Cost Guard

Security checks across malware telemetry and agentic risk

Overview

This looks like a local cost-tracking tool, but it overstates important guardrail features such as per-user enforcement, request blocking, cron automation, and external report delivery.

Install only if you treat this as a local usage logger, not as reliable budget protection. Do not rely on it to block requests or enforce per-user quotas without fixing or verifying enforcement yourself, and review any cron or messaging setup before enabling scheduled or off-host reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The CLI advertises `set-limit user <key> <USD>`, but the implementation parses only `args[2]` into a single global `perUserDailyCostLimit` value and never associates it with a user key or enforces it during `log`/reporting. In a cost-guard skill, this creates a false sense of protection: operators may believe individual users are capped when in reality any user can continue generating spend unchecked.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README states that the skill auto-installs a daily cron job and can send spend summaries to external messaging channels, but it does not present this as a privileged system change or clearly warn that usage data may be transmitted off-host. That creates a real security and privacy risk because users may install or invoke the skill without understanding that it modifies persistence mechanisms and performs outbound data sharing.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documentation describes automatic cron installation and sending spend summaries to WhatsApp or other messaging channels, but it does not prominently warn users that installing the skill may create scheduled tasks and transmit operational data externally. This can lead to unexpected persistence and unintended data disclosure, especially in environments where users assume the skill is local-only because the README also states 'No external services' and 'No telemetry.'

VirusTotal

64/64 vendors flagged this skill as clean.
