Expense Report Pro

Security checks across malware telemetry and agentic risk

Overview

This expense skill appears purpose-aligned, but it needs review because it may persist sensitive receipt and spending data and overwrite local files without clear user control.

Install only if you are comfortable with an agent processing receipts and maintaining local expense records. Before use, check whether setup will overwrite existing files, decide whether receipt images should be retained, and require confirmation before any expense log is created or updated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The setup guide tells the agent to claim the skill is 'now set up and secure' and promises capabilities such as receipt extraction, spending queries, and report generation, but the actual steps only create local files and copy a categories file. This is a deceptive capability claim that can mislead users into trusting functionality and security properties that have not been implemented or verified.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions create directories and overwrite files in the user's workspace using shell redirection and copy operations without any prior notice, consent, or existence checks. This can destroy existing user data or silently modify the workspace in ways the user did not authorize, which is especially risky for an agent acting on a user's behalf.

Vague Triggers

Medium
Confidence: 93%
Finding
The usage section defines very broad activation conditions such as any receipt upload, natural-language expense statements, budget questions, or general expense queries. This can cause unintended invocation on ordinary conversation or unrelated uploads, increasing the chance the skill reads, writes, or processes sensitive financial data without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example depicts the agent saving receipt images and appending structured financial data to user files without any mention of consent, confirmation, data minimization, or retention controls. Receipts can contain sensitive personal and financial information, so normalizing this behavior in documentation can lead downstream implementations to silently persist sensitive data or modify files in ways users did not explicitly approve.

VirusTotal

66/66 vendors flagged this skill as clean.
