ClawHub

Expense Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local expense-tracking skill that stores and changes a plain JSON ledger as advertised, with no evidence of hidden network access, credential use, or unrelated behavior.

Install only if you are comfortable storing personal spending history as plain local JSON in the skill folder. Keep the folder private, back up ledger.json if the records matter, and ask the agent to confirm before deleting, recategorizing, or changing budgets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README presents many plain-language examples like 'spent $45 at Costco' and 'delete expense #12' without defining a clear invocation boundary or confirmation model. In an agent setting, broad everyday phrases can be misinterpreted as commands and lead to unintended writes, edits, or deletions in the local expense ledger during normal conversation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises 'Refunds & corrections' and later shows deletion and recategorization behavior, but it does not clearly warn that conversational commands can modify or remove existing records. For a local finance ledger, silent mutation is risky because accidental phrasing, misparsing, or prompt confusion could corrupt personal financial history and budget calculations.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to treat ordinary natural-language statements about spending as commands that write to a local financial ledger. Without explicit confirmation gates or exclusion rules, casual discussion, hypotheticals, quoted text, or analytical questions could be misinterpreted as real transactions, causing unauthorized modification of personal records.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The examples normalize free-form conversational triggers like 'spent $45 at Costco' and 'how much have I spent on groceries?' without defining strong boundaries for when the agent should execute state-changing actions. In a finance skill that stores and updates local records, this increases the chance of accidental logging, misclassification, or unintended edits from ambiguous conversation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill description emphasizes convenience and locality but does not clearly warn that the skill creates, updates, and may delete personal financial records on disk. Users may not realize that conversational inputs persist as sensitive financial data, which weakens informed consent and can lead to unintended disclosure or integrity issues on shared or backed-up machines.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill supports deletion of ledger entries via natural language such as 'Delete expense #12' and 'cancel that last expense' but does not warn that these actions are permanent or require confirmation. In a financial-record context, accidental deletion can corrupt budgeting history, reports, and auditability, especially when invoked from ambiguous conversation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal