ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentfinobs

v1.0.0

AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent. Track costs, set budgets, detect anomalies, and export metrics...

0· 347·0 current·0 all-time
by@oc127
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (financial observability across agent payment rails) matches included modules: SpendTracker, BudgetManager, AnomalyDetector, MetricsEngine, Dashboard, Exporters, and a LangChain integration. The package does not request unrelated credentials (it doesn't try to contact Stripe/USDC rails directly); instead it records and exports transaction metadata, which is coherent with the stated purpose.
Instruction Scope
SKILL.md and README instructions show how to create an ObservabilityStack, start the built-in dashboard, and configure exporters. The runtime instructions do not direct the agent to read unrelated system files or secrets. However the docs do not call out security implications: the dashboard binds by default to 0.0.0.0 and exporters can push full transaction data to arbitrary webhook endpoints — both are within the feature set but can expose sensitive financial info if misconfigured.
Install Mechanism
No special install spec in the skill metadata; SKILL.md instructs 'pip install agentfinobs' which is the expected delivery mechanism for a Python SDK. The package files are included (pyproject.toml, source). There are no download-from-random-URL installers or obfuscated install steps in the provided files.
Credentials
The skill declares no required environment variables or credentials, and the code does not hard-code or request unrelated secrets. Exporters accept endpoint URLs/headers but those are optional configuration values rather than required secrets. The lack of requested credentials is proportional to the package's monitoring-only role.
!
Persistence & Privilege
The stack persists transactions to JSONL (JsonlExporter/SpendTracker) and can start an HTTP server (Dashboard, PrometheusExporter). Default dashboard host is '0.0.0.0' and default ports are used in examples; these defaults may expose financial metrics on all interfaces without authentication. WebhookExporter can transmit every transaction to arbitrary external endpoints. These behaviors are expected for an observability tool but have real operational risk (data exposure/exfiltration) if deployed with default settings or in untrusted environments.
Assessment
This skill appears to be what it claims (an on-agent financial observability SDK), but review the following before installing or enabling it: - Network exposure: the Dashboard (and Prometheus exporter) start HTTP servers and the Dashboard example binds to 0.0.0.0 by default. If you run this on a machine with network access, lock it down (bind to localhost, use a firewall, or put behind authenticated proxy). - Data exfiltration: WebhookExporter will POST every transaction to the configured URL. Only configure trusted endpoints and avoid embedding sensitive API keys in code or in public repos. Prefer the Console or local Jsonl exporters for testing. - Local persistence: transactions are written to JSONL on disk by default. Ensure the persist path is acceptable, has correct permissions, and does not leak to backups or shared volumes. - Dependency/runtime: Prometheus and httpx are optional and imported at runtime; installing optional extras will add those dependencies. Review the package on PyPI or its source repository before pip installing, especially since the skill owner/source are not provided in the metadata. - Least privilege and isolation: run the tool in an isolated environment (container, VM, or sandbox) until you confirm configuration and network exposure are safe. If you want a tighter posture, ask the maintainer (or inspect the SpendTracker/tracker implementation in full) for the defaults used for persistence paths, dashboard host binding, and any automatic exporter defaults; change them to local-only, authenticated, or disabled as appropriate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c2n06czdy31n1a48g6tefh5821rrp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments