Family Account Book 家庭财务记账

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local bookkeeping skill, but it can persistently write and display sensitive financial records with broad triggers and no clear confirmation boundary.

Review before installing. Use it only if you are comfortable with a local SQLite file storing household financial records, and require explicit confirmation before adding income, expenses, transfers, or initializing a ledger. Check where the database is stored and how you would correct or delete mistaken records before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 80%
Finding
The documented purpose focuses on bookkeeping operations, but the finding indicates the underlying implementation also initializes the local SQLite database and manages a members table that is not disclosed in the user-facing behavior. In a financial skill, undocumented data creation or handling expands the attack surface, can surprise users, and may introduce privacy or integrity risks if extra personal data is stored without clear consent.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger descriptions are broad enough to overlap with normal conversational phrases, which can cause accidental invocation of a skill that writes financial records or reveals balances. In a finance context, mis-triggering is more dangerous than in read-only skills because it can modify sensitive accounting data or expose private financial information without deliberate user intent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation provides direct write commands for adding transactions but does not clearly warn that they immediately modify the underlying database. In a personal finance skill, silent state changes can lead to accidental ledger corruption, fraudulent-looking records, or loss of trust in financial reporting if users or agents run examples as if they were harmless demonstrations.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The documentation includes a script that reads directly from a local finance database containing sensitive personal financial records, but does not warn about the privacy implications. In context, even read-only access is security-relevant because it may expose transaction history, categories, balances, and account relationships to unintended viewers or downstream tools.

VirusTotal

67/67 vendors flagged this skill as clean.
