Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Personal Finance Tracker
v0.5.0
Manage personal finances: record expenses, income, transfers, check balances, and generate reports. TRIGGER when: user asks to record a transaction, expense,...
by Chernenko Ivan (@spotsccc)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md explicitly requires running an external 'assistant' CLI to talk to a PostgreSQL store, yet the registry metadata lists no required binaries, no installation, and no environment variables/credentials. That is inconsistent: a finance tracker that reads/writes transactions normally needs a CLI binary or DB connection info. The skill source/homepage is unknown, so there is no place to verify what the 'assistant' CLI is or how it authenticates.
Instruction Scope
Runtime instructions are narrowly focused on finance operations (get-wallets, create-expense, spending-report) and do not ask to read arbitrary system files. However, they instruct the agent to invoke an external CLI that will access stored financial data; there is no guidance on authentication, the DB host, or what data the CLI will access. That leaves the agent free to use whatever local 'assistant' binary and credentials are available.
Install Mechanism
No install spec and no code files — instruction-only — so the skill itself will not write or fetch code. This lowers installation risk. The main risk stems from calling an external binary (the 'assistant' CLI) which is not declared.
Credentials
The skill declares no required environment variables or credentials, yet the SKILL.md implies access to a PostgreSQL-backed dataset via a CLI. That typically requires DB connection info or local credentials; asking for none is disproportionate. Also allowed-tools includes 'Read', which enables file reads; the agent could discover credentials from local files unless explicitly constrained.
Persistence & Privilege
The skill is user-invocable and not forced-always. It does not request persistent system privileges or declare modifications to other skills or system-wide settings. Autonomous invocation is enabled (default) but not combined with other high-risk flags.
What to consider before installing
This skill appears to expect an external 'assistant' CLI that interacts with a PostgreSQL database, but the package metadata does not declare that dependency or any authentication details. Before installing or enabling it, verify: (1) what the 'assistant' CLI is, where it comes from, and that you trust it; (2) where the finance data will be stored (local DB, remote host) and whether DB credentials are required; (3) whether any local files (credentials, .env, keyrings) could be read by the agent via the allowed 'Read' tool. If you cannot confirm the CLI provenance and storage location, run this skill in a sandboxed environment or decline to install. If you proceed, restrict the agent's file access and avoid exposing DB credentials as environment variables to the agent until you verify the implementation.
latest: vk97bwx4kaxdv6fzzygyr2tr3th84fptw
