Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Subscription Tracker

v1.0.3

Tracks and analyzes recurring charges from uploaded bank statements without bank linking, alerts upcoming renewals, duplicates, price hikes, and aids cancell...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included files: parser instructions, a local JSON DB, known subscription patterns, export and dashboard specs. Required resources (local files, jq for exports) are consistent with the purpose; there are no unrelated credential requests or surprising external services declared.
Instruction Scope
SKILL.md and SECURITY.md explicitly state the agent will process uploaded statement files and that 'statement contents are sent to the AI model as part of the conversation context' — that is expected for an LLM-driven tool but is a privacy-sensitive action. The instructions read/write to ~/.normieclaw/subscription-tracker (expected). The SKILL.md mentions using a 'pdf' tool for PDF extraction but the skill doesn't declare that binary as required; this mismatch could lead the agent to attempt to call an unexpected tool or plugin.
Install Mechanism
No remote install spec (instruction-only) — lower risk in that nothing is downloaded at install. The repo includes local bash scripts (setup.sh, renewal-check.sh, export-subs.sh). export-subs.sh is benign and checks for jq. However, the full contents of setup.sh and renewal-check.sh were not provided in the visible excerpt; README and dashboard docs indicate setup may create directory structure and a 'daily cron' for renewal-check.sh. That is plausible, but you should inspect setup.sh before running, since scheduled tasks are a persistence vector.
Credentials
The skill requests no environment variables, no credentials, and stores data locally. Budget Buddy Pro integration is implemented as local export files (no API keys shown). There are no obvious requests for unrelated secrets or system paths in the visible files.
Persistence & Privilege
always:false (good). The skill will create and maintain ~/.normieclaw/subscription-tracker and may (per docs) set up a daily renewal-check cron job; this is functionally reasonable for ongoing alerts but is persistence on the host. Combined with the fact that statement contents are sent to the model provider as conversation context, scheduled/automatic runs could expose financial data to the model provider without repeated explicit user action. Inspect setup.sh to confirm whether it registers cron jobs or other scheduled tasks.
What to consider before installing
What to check before you install

- Inspect setup.sh and renewal-check.sh before running them. Look for any network calls, curl/wget/http requests, or code that writes outside ~/.normieclaw. If setup.sh registers cron jobs or systemd timers, ensure the scheduling behavior matches what you want.
- Confirm PDF extraction: SKILL.md expects a 'pdf' tool for text extraction but the skill doesn't declare that dependency. Determine which binary or plugin the agent will call (pdftotext, pdfgrep, or a third-party tool), and install a trusted one if you need PDF parsing.
- Be aware of data sent to the LLM: SECURITY.md admits that statement contents are sent to your model provider as conversation context. If you use a cloud-hosted model, that provider may log or retain data per their policy. If this is a concern, run the agent with a local model or avoid uploading full statements.
- Check exported files and directory permissions: ~/.normieclaw/subscription-tracker will contain sensitive financial data and stored statements. Restrict filesystem permissions (chmod 700 ~/.normieclaw and 600 for subscriptions.json) and back up/delete as needed. The README includes an rm -rf command for deletion — verify it before running.
- Verify no hidden endpoints: The visible scripts and config do not show external endpoints, but some files were truncated. If you are not comfortable reviewing the remaining scripts, do not run setup.sh and instead manually create the ~/.normieclaw layout and run only the scripts you trust.
- jq and other tooling: export-subs.sh requires jq (and uses bc). Ensure you install trustworthy packages from your OS package manager.

Why I flagged this as suspicious (not malicious)

- The skill is coherent for its stated purpose and the visible scripts are benign.
- The reasons for 'suspicious' are (1) truncated/not-shown scripts could implement scheduled runs or network behavior you should verify, (2) the unspecified 'pdf' tool could cause the agent to call unexpected binaries or plugins, and (3) automatic sending of statement contents to the model provider increases privacy risk if scheduled or automated runs occur. These are all explainable design decisions for this type of tool, but they merit explicit review before installation.

If you want, I can (a) show the full contents of setup.sh and renewal-check.sh (if you paste them) and point out any risky calls, or (b) provide a safe, minimal manual-install checklist so you can use the tool without granting it scheduled execution rights.

Like a lobster shell, security has layers — review code before you run it.

