Income Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local income-tracking skill that matches its stated purpose, but users should treat the stored records and exports as sensitive financial data.

Install only if you are comfortable keeping income data in a local JSON file. Set DATA_PATH to a private location, protect backups and exports, invoke the skill explicitly, and consider reinstalling dependencies from a trusted HTTPS registry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list contains broad phrases such as '收入统计', '收入分析', and '查看收入' that overlap with ordinary finance-related conversation. This can cause unintended skill activation during normal chats, leading to unwanted collection, modification, or display of personal financial data in a sensitive context.

Vague Triggers

Medium
Confidence: 94%
Finding
Shortcut commands like '收入', '月报', and '趋势' are extremely vague and likely to collide with common user utterances. In a finance skill handling sensitive data, accidental activation can expose summaries or trigger stateful actions without clear user intent, increasing privacy and integrity risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill persists detailed income records to a local file, including dates, notes, and source information, but provides no explicit disclosure or consent flow to the user. Because this is sensitive financial data and the path can be influenced by environment variables, users may unknowingly leave recoverable data on shared or insecure systems.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The lockfile hard-codes dependency downloads to a Tencent mirror over plain HTTP, which removes transport security and allows tampering in transit. Even though integrity hashes provide some protection, using an unauthenticated regional mirror still introduces supply-chain risk, availability/control concerns, and unexpected outbound network behavior without user consent.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
Additional packages are pinned to the same region-specific mirror, expanding the trust boundary to an external third-party source the user did not choose. This increases supply-chain and reliability risk because dependency installation now depends on that mirror's integrity, policy, and network reachability.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
Multiple enforced Tencent mirror URLs indicate a persistent package sourcing policy embedded in the lockfile rather than an incidental local configuration. In the context of an income-tracking skill, this is more concerning because users may install software handling financial data while silently trusting a third-party package distribution path over HTTP.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger "查看收入" is broad and likely to match ordinary user requests about viewing income, which can cause the skill to activate unintentionally. In an agent ecosystem, overly generic triggers create routing ambiguity and may expose personal financial data or perform actions in the wrong context without clear user intent.

VirusTotal

66/66 vendors flagged this skill as clean.
