ClawHub
Back to skill

Security audit

Plutus — Expense Intelligence

Security checks across malware telemetry and agentic risk

Overview

Plutus is a local expense-reporting skill whose main risk is that it saves sensitive financial reports on disk.

Install only if you are comfortable with a pip dependency and, separately, any optional Pro purchase/install flow. When using real financial data, run it in a private directory you control, review the generated Markdown and CSV reports, and delete or redact them if they should not remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill persists financial data to local Markdown and CSV files, but this behavior is not prominently disclosed alongside the core functionality. For finance data, unexpected persistence increases confidentiality risk because sensitive transaction details may remain on disk, be indexed, synced, or exposed to other local users/processes.

Intent-Code Divergence

Medium
Confidence
82% confidence
Finding
The security section claims the tool 'runs entirely locally' and that no data is transmitted, yet the documented install and upgrade flow directs users to external package and commerce services. Even if transaction data is not uploaded by the script itself, this messaging is misleading and may cause users to underestimate network exposure, supply-chain risk, or paid-upgrade trust boundaries.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description emphasizes analysis features but does not clearly warn that it writes financial reports to disk. Because the outputs contain sensitive expense and transaction data, omission of this side effect can lead to unintended retention and disclosure on shared systems or synced folders.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.