Security audit

Find missing receipts (requires plow.co)

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive Gmail receipts and card data, but its Gmail search, forwarding to Mercury, local audit database, and recurring schedule are disclosed and fit the stated receipt-matching purpose.

Install only if you want an automated agent to search every Gmail account connected to Plow, forward matched receipt emails to Mercury, and keep a local reconciliation audit database. Review the cron schedule and disable it when you do not want recurring processing.

SkillSpector

By NVIDIA

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill instructs forwarding merchant emails from connected Gmail accounts to an external recipient, receipts@mercury.com, without an explicit warning that email contents and attachments may leave the user's mailbox and be disclosed to a third party. Because receipts can contain personal, financial, and transactional data, users may trigger data exfiltration without fully informed consent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The workflow explicitly instructs the agent to forward receipts from connected Gmail accounts to an external address, which can disclose email contents and metadata outside the user’s mailbox without any explicit consent, warning, or confirmation step. In this skill’s context, the behavior is core to the workflow, but the lack of user-facing notice, scope limitation, and confirmation makes unintended data exfiltration of sensitive financial information materially plausible.
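Both findings name the same missing controls: a consent record per connected account, a scope limit on which senders are forwarded, and a confirmation step before mail leaves the mailbox. The block below is an added illustration of what such a gate looks like; it is not the skill's own code and it does not talk to Gmail or Mercury. The Message and ForwardPolicy shapes, the send_forward hook, the sample addresses, and the sqlite audit table layout are all assumptions constructed for this example. Only the forwarding target, receipts@mercury.com, comes from the findings above.

```python
"""Added example for this audit page: a scope-limited, consent-gated forwarder.

Illustrative only. The real skill's Gmail search and Mercury forwarding are not
shown; this models the decision that should sit in front of them.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import sqlite3

FORWARD_TARGET = "receipts@mercury.com"  # the one external recipient the skill discloses


@dataclass(frozen=True)
class Message:
    """Constructed minimal view of a Gmail message (assumed shape, not the API object)."""
    account: str                 # which connected Gmail account it came from
    sender: str
    subject: str
    attachments: tuple = ()      # attachment filenames


@dataclass
class ForwardPolicy:
    consented_accounts: set                          # owners who explicitly opted in
    allowed_sender_domains: set                      # merchant domains in scope
    allowed_attachment_suffixes: set = field(default_factory=lambda: {".pdf"})
    dry_run: bool = True                             # default: report, do not send


def sender_domain(addr: str) -> str:
    """Domain part of an address like 'Name <x@y.com>' or 'x@y.com'."""
    return addr.rsplit("@", 1)[-1].strip(">").lower()


def evaluate(msg: Message, policy: ForwardPolicy) -> tuple:
    """Decide per message: 'forward', 'review' (needs a human), or 'block'."""
    if msg.account not in policy.consented_accounts:
        return "block", f"no forwarding consent recorded for {msg.account}"
    dom = sender_domain(msg.sender)
    if dom not in policy.allowed_sender_domains:
        return "block", f"sender domain {dom} is outside the merchant allowlist"
    suffixes = tuple(policy.allowed_attachment_suffixes)
    odd = [a for a in msg.attachments if not a.lower().endswith(suffixes)]
    if odd:
        return "review", f"unexpected attachment types: {odd}"
    if policy.dry_run:
        return "review", f"dry run: would forward to {FORWARD_TARGET}"
    return "forward", f"in scope; forwarding to {FORWARD_TARGET}"


def open_audit_db(path: str = ":memory:") -> sqlite3.Connection:
    """Local reconciliation audit table (assumed layout, not the skill's schema)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS audit (ts TEXT, account TEXT, sender TEXT,"
        " subject TEXT, target TEXT, decision TEXT, reason TEXT)"
    )
    return conn


def send_forward(msg: Message, target: str) -> bool:
    """Hypothetical transport hook. Refuses any recipient other than the disclosed one."""
    if target != FORWARD_TARGET:
        raise ValueError(f"refusing to forward to undisclosed recipient {target}")
    return True  # a real implementation would call the mail send API here


def process(messages, policy: ForwardPolicy, conn: sqlite3.Connection) -> list:
    """Apply the policy to each message, write one audit row each, return decisions."""
    results = []
    for msg in messages:
        decision, reason = evaluate(msg, policy)
        if decision == "forward":
            send_forward(msg, FORWARD_TARGET)
        conn.execute(
            "INSERT INTO audit VALUES (?,?,?,?,?,?,?)",
            (datetime.now(timezone.utc).isoformat(), msg.account, msg.sender,
             msg.subject, FORWARD_TARGET, decision, reason),
        )
        results.append((msg.subject, decision))
    conn.commit()
    return results


# Constructed sample data for the example (not real mail or real accounts).
SAMPLE = [
    Message("ops@example.com", "auto-confirm@amazon.com", "Your order #1", ("invoice.pdf",)),
    Message("ops@example.com", "billing@unknown-shop.test", "Receipt", ("invoice.pdf",)),
    Message("ceo@example.com", "auto-confirm@amazon.com", "Your order #2", ("invoice.pdf",)),
    Message("ops@example.com", "receipts@stripe.com", "Statement", ("export.xlsx",)),
]

POLICY = ForwardPolicy(
    consented_accounts={"ops@example.com"},
    allowed_sender_domains={"amazon.com", "stripe.com"},
    dry_run=False,
)

if __name__ == "__main__":
    conn = open_audit_db()
    for subject, decision in process(SAMPLE, POLICY, conn):
        print(f"{decision:8} {subject}")
    for row in conn.execute("SELECT account, decision, reason FROM audit"):
        print(row)
```

Run as-is, the first sample message is forwarded, the second is blocked (sender outside the allowlist), the third is blocked (account never opted in), and the fourth is held for review because of a non-PDF attachment. Leaving dry_run at its default turns every would-be forward into a review item, which is the confirmation step the findings ask for; the hard-coded target in send_forward is the scope limit that keeps a prompt-injected or misconfigured agent from redirecting mail elsewhere.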

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.