ClawHub

Splitwise

Security checks across malware telemetry and agentic risk

Overview

This Splitwise skill is mostly transparent, but it can automatically create real shared-expense records using a long-lived account token without clearly requiring confirmation first.

Install only if you are comfortable giving your agent a long-lived Splitwise token that can create expense records. Keep the token in a secure environment variable or secret manager, never paste it into chats or commits, rotate it if exposed, and require the agent to confirm the amount, payer, participant, group, and shares before submitting any expense.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to configure a long-lived Splitwise API token but does not warn that this credential grants ongoing access and must be stored and handled securely. In an agent/skill ecosystem, users may paste such secrets into unsafe places, commit them to repos, or expose them through logs, increasing the chance of account compromise and unauthorized expense actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill explicitly encourages autonomous invocation based on broad natural-language requests without defining clear safety boundaries, confirmation requirements, or disambiguation rules. Because this tool performs a state-changing financial action against a third-party service, vague triggers can cause unintended expense creation, incorrect charges, or actions taken without sufficiently explicit user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal