Skillv0.1.8

ClawScan security

Nummo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 1, 2026, 3:47 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's commands and instructions match its banking purpose, but an included install instruction that pipes a remote script to sh and the unknown source/homepage make this package risky and worth extra scrutiny before use.
Guidance: This skill appears to do what it claims (connecting to banks via Plaid and providing summaries/transactions). However, do NOT run the suggested `curl ... | sh` install command without verification: piping a remote script to the shell executes arbitrary code from the site. Before installing or using the CLI, verify the publisher (nummo.ai), check for an official release page or signed installer, and review the install script contents on the server. Ask the vendor for a reproducible, auditable install method (e.g., package on a well-known registry or a downloadable release with checksums). Also confirm the privacy/security details: where transaction data is stored, who can access it, retention policy, and whether the agent or third parties can access raw data. If you prefer safer operation, use the read-only browser-based Plaid Link flows and ensure the agent asks for explicit permission before invoking any commands that access your financial data.

Review Dimensions

Purpose & Capability: okThe name, description, and listed CLI commands (auth, accounts, txs, summary, subscription flows) are coherent with a Plaid-backed banking insights skill. There are no unrelated binaries or environment variables requested that would contradict the stated purpose.
Instruction Scope: okSKILL.md stays on-topic: it instructs the agent to request explicit user permission, to present Plaid/Stripe URLs for the user to open in a browser, and to use specific commands for account and transaction queries. The instructions do not direct the agent to read unrelated system files or to exfiltrate data to unexpected endpoints.
Install Mechanism: concernAlthough the skill is instruction-only, reference/install.md tells users to run `curl -fsSL https://nummo.ai/install | sh`. That is a high-risk pattern (download-and-execute from a remote host). Even if the domain matches the project, piping an external script to sh grants arbitrary code execution and is disproportionate as an install instruction without an install spec or verified release host.
Credentials: noteThe skill declares no required environment variables or credentials, which is consistent with a flow that uses Plaid Link and magic-link auth (browser-based). However, the skill will result in access to highly sensitive financial data once a user connects accounts, so lack of declared credentials does not eliminate privacy/security risk — verify how and where data is stored and transmitted.
Persistence & Privilege: okThe skill does not request 'always' or other elevated platform privileges; it is user-invocable and relies on explicit user consent per the guidelines in SKILL.md.