ClawHub

Receipt Tracker

Security checks across malware telemetry and agentic risk

Overview

The receipt tracker mostly matches its stated purpose, but it ships a Nextcloud helper containing plaintext credentials and under-documented remote storage access.

Review before installing. Do not use the bundled Nextcloud helper as-is; remove the embedded credential and rotate it if it is real. Only process receipts you are comfortable sending to the configured model provider, and remember that expenses.csv will retain sensitive spending history in the workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores detailed purchase history to a persistent CSV file automatically, but it does not clearly warn the user or obtain consent for retaining sensitive behavioral data. Receipt data can reveal habits, health purchases, travel patterns, and other personal information, so silent persistence creates a privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow directs the agent to send receipt images to an external model/service for OCR and analysis without informing the user. Receipt photos may contain merchant identifiers, dates, locations, partial card details, and intimate purchase data, so undisclosed third-party transmission is a meaningful privacy exposure.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The file contains hardcoded Nextcloud connection details, including a plaintext username and password, which exposes reusable credentials to anyone who can read the source, logs, backups, or package contents. In this skill's context, the risk is elevated because the service appears to access an internal DAV endpoint and a family receipts folder, so compromise could expose private financial documents and enable unauthorized access to connected storage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal