Expense Tracker

Security checks across malware telemetry and agentic risk

Overview

This expense tracker is not malware, but it needs review because it stores sensitive spending data and can log raw payment-screenshot text.

Install only if you are comfortable with local persistent storage of your expense history and possible exposure of raw payment-screenshot text in logs. Prefer using it with explicit commands, avoid sending screenshots that contain unrelated sensitive information, and remove or disable raw OCR logging before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger list includes broad everyday phrases such as spending-related expressions, which can cause the skill to activate unintentionally during normal conversation. In this skill context, accidental activation is more dangerous because it can lead to persistence of sensitive personal finance data and processing of payment screenshots without deliberate user intent.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger conditions for `查看记录` and especially `记账提醒` are underspecified, with no clear bounds on when they should fire or when they should not. Ambiguous trigger logic can cause unsolicited reminders, accidental disclosure of spending summaries, or unintended record retrieval in the wrong conversational context.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill processes highly sensitive financial data, including payment screenshots and expense histories, and writes them to local files without any user-facing privacy notice or consent flow. In this context, the omission is significant because users may unknowingly expose merchant names, amounts, payment methods, and timestamps to persistent storage.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script prints both the OCR engine used and the full raw OCR text to stderr, which can expose sensitive financial data from payment screenshots such as merchants, timestamps, amounts, and other personal transaction details. In an agent or server environment, stderr is often captured in logs, monitoring systems, or debugging consoles, so this creates a real privacy and data-leak risk without any user warning or consent.

VirusTotal

65/65 vendors flagged this skill as clean.
