Financial Telemetry

Security checks across malware telemetry and agentic risk

Overview

This financial ingestion skill mostly does what it says, but it persistently stores sensitive financial data and has unsafe path handling that can write files outside the intended workspace if given a crafted client ID.

Install only if you are comfortable with imported financial, customer, and contract data being stored locally in the OpenClaw workspace. Use simple trusted client IDs with no slashes, absolute paths, or '..' segments, and review/delete generated raw JSON backups and database records according to your retention requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill advertises outputs including SQLite data, raw JSON backups, and an ingestion state file, which implies local file-writing behavior without any declared permissions or user-facing disclosure. In a financial telemetry context, silent file writes are risky because they may persist sensitive business and customer revenue data to disk outside the user's expectations or access controls.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The skill description claims broad connector support and refresh behavior, but the documented/observed behavior includes unsupported integrations and undisclosed local writes. This mismatch is dangerous because users may supply sensitive financial credentials or datasets under false assumptions about what the skill actually does, reducing informed consent and increasing the chance of improper data handling.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill processes financial telemetry and explicitly outputs normalized events, raw JSON backups, and state files, yet the description omits warnings that imported financial data may be stored locally. This is dangerous because financial, billing, and CRM exports often contain sensitive customer and revenue information, and users may unknowingly create recoverable local copies that expand breach and compliance exposure.

VirusTotal

VirusTotal findings are pending for this skill version.
