Expense Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill appears privacy-focused and local-only, but its activation scope is too broad for a tool that can read and modify personal finance records.

Review before installing. The skill does not show evidence of exfiltration or malicious behavior, but users should only enable it if they are comfortable with a local finance tracker that can create and update persistent expense data, and the publisher should narrow triggers or require confirmation before first-run setup and state-changing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 98%
Finding
The skill description advertises activation for extremely broad intents like 'any personal finance task,' which increases the chance the skill will auto-activate during ordinary conversation unrelated to explicit user consent. Because the skill has read/write/exec capabilities and persists sensitive financial data locally, accidental activation could cause unintended file creation, logging, or modification of personal finance records.

Vague Triggers

High
Confidence: 99%
Finding
The trigger list includes many generic standalone phrases such as 'today', 'report', 'compare', 'goal', 'menu', 'help', 'net', and 'savings', which are common in normal chat and likely to collide with unrelated user messages. In this skill's context, such collisions are more dangerous because activation can lead to reading financial history, modifying budgets/goals, or performing first-run filesystem actions using exec/write permissions.

VirusTotal

65/65 vendors flagged this skill as clean.
