ClawHub

Ledger Transaction Entry

Security checks across malware telemetry and agentic risk

Overview

This skill is a local bookkeeping helper that writes ledger entries and can generate local reports, with no evidence of hidden exfiltration, installer abuse, or destructive behavior.

Install this only for a project where you want an agent to update local ledger files. Before using it, check that projects/data and projects/reports are the intended locations, and ask the agent to preview parsed fields or target files first if accidental bookkeeping changes would be costly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill manifest and primary purpose are limited to appending ledger entries, but the body also grants broader read, aggregation, chart-generation, and file-cleanup behavior. This scope expansion is dangerous because a caller may invoke a seemingly narrow bookkeeping skill and unexpectedly cause bulk data access and filesystem side effects outside the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Chart generation and deletion of local report files are not necessary for simple transaction entry, yet they introduce extra write/delete capabilities in the workspace. Unnecessary file operations increase the attack surface and can be abused to create, overwrite, or remove artifacts under the guise of a benign ledger-entry task.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation description includes broad natural-language triggers such as any spending/income statement or generic requests to append entries, which can cause the skill to activate in situations where the user did not clearly intend file modification. Over-broad triggering is risky for a skill that writes to project data because it raises the chance of unintended persistence and silent data changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to append records to project files without an upfront warning or confirmation that user data will be modified. For a state-changing skill, lack of an explicit modification notice makes accidental or misunderstood writes more likely and reduces user awareness of persistent side effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal