family-ledger household bookkeeping skill

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate local family-expense ledger, but it lets an agent permanently delete finance records from natural-language requests without a confirmation step.

Review this before installing if you care about preserving financial history. It appears local and non-exfiltrating, but you should add or require a confirmation step before delete operations, consider backups or soft-delete, and avoid granting the included broad Claude permissions unless you intentionally need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to execute a destructive delete operation directly from natural-language input without requiring confirmation, validation, or any safety interstitial. In an agent context, ambiguous parsing, prompt injection in user content, or simple user mistakes could cause irreversible record deletion and loss of financial history.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to execute a delete command directly based on natural-language input without any confirmation, preview, or safeguard. Because deletion is destructive and keyed only by an ID extracted from user input, a mistaken parse, ambiguous request, or prompt manipulation could cause irreversible data loss in the family ledger.

Missing User Warnings

Medium
Confidence: 90%
Finding
The delete operation permanently removes records immediately based only on an ID, with no confirmation prompt, dry-run, undo, or soft-delete mechanism. In a household finance tool, accidental or induced deletion can cause loss of accounting history and reduce integrity of financial records, especially if an agent invokes commands on a user's behalf.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill maps natural-language deletion requests directly to a destructive CLI command and explicitly says to execute commands directly, with no confirmation, preview, or guardrails. This creates a real risk of accidental or socially engineered deletion of ledger records, especially because IDs may be easy to reference and users may phrase requests ambiguously.

VirusTotal

63/63 vendors flagged this skill as clean.
