Subscription Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local subscription-tracking skill that handles sensitive financial statements; the main risk is the local retention of that data, which the skill itself discloses.

Install only if you are comfortable letting your agent process bank or credit card statements and store derived subscription data, possible statement archives, exports, and logs under ~/.normieclaw/subscription-tracker. Prefer CSVs with the minimum needed date range, redact unnecessary identifiers where practical, review exports before sharing them, and delete the tracker directory when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to upload bank or credit card statements, which are highly sensitive financial documents, but it does not prominently warn about the sensitivity of this data, what fields may be exposed, or how the files are stored, retained, or protected. In a skill centered on processing financial statements, the lack of an explicit data-sensitivity warning can cause users to share private financial information without informed consent, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup prompt explicitly instructs the agent to ingest and scan bank or credit card statements, which are highly sensitive financial records, but it provides no privacy warning, data handling notice, minimization guidance, or user-consent checkpoint. In an agent context, this increases the risk that users expose account numbers, merchant histories, and other financial data without understanding retention, storage, or downstream use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly stores parsed financial statement data locally and archives uploaded statements, but it does not clearly warn users that sensitive banking and credit card information will be retained on disk. This creates a real privacy risk because users may upload statements containing transaction histories, account details, and merchant data without informed consent about persistence.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The export feature writes subscription and spending data to files for import into other tools, but the skill does not warn users that these files may persist outside the main database and broaden exposure of their financial profile. While less severe than raw statement retention, exported recurring-expense data still reveals services used, spending levels, and renewal timing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The spec explicitly directs the agent to modify `subscriptions.json` automatically after several triggers, including daily cron jobs and statement scans, but it does not describe any user notification, confirmation, audit trail, or rollback behavior. In a skill that manages personal financial subscription data, silent background writes can cause unintended state changes, hide mistakes from automated parsing, and reduce the user's ability to detect or recover from corruption or incorrect cancellations/updates.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The example provides step-by-step cancellation instructions before clearly warning about the consequence that Google Drive storage will revert to the free 15GB tier. In an agent skill, sequencing matters: users may follow the cancellation flow immediately and only afterward notice the risk of losing access to files, backups, or email/storage functionality if they exceed the reduced quota.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The example depicts the agent comparing a user's latest Visa statement to prior statements to detect price changes, but it provides no consent, minimization, retention, or security context for handling financial statement data. In a subscription-tracking skill, normalized access to card statements can encourage over-collection of sensitive financial data and obscure the need for explicit user authorization and privacy safeguards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly asks users to provide bank statement data and demonstrates extracting and reasoning over sensitive financial transactions, but it provides no privacy notice, data-minimization guidance, or handling constraints. This creates a real privacy and security risk because users may disclose highly sensitive financial information without understanding retention, sharing, or exposure implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The agent encourages the user to upload additional bank and card statements, increasing the volume and scope of sensitive financial data exposed, without any corresponding warning or privacy controls. This broadens the potential blast radius of accidental disclosure, over-collection, or misuse of financial records.

Session Persistence

Medium
Category
Rogue Agent
Content
## What This Does

This setup process will:
1. Create your subscription tracker directory and config files
2. Walk you through your first statement scan
3. Build your initial subscription database
4. Set your alert preferences
Confidence
79% confidence
Finding
1. Create your subscription tracker directory and config files
2. Walk you through your first statement scan
3. Build your initial subscription database
4. Set your alert preferences
5. Optionally connec

VirusTotal

59/59 vendors flagged this skill as clean.
