pocketbook

Security checks across malware telemetry and agentic risk

Overview

Pocketbook is a local personal-ledger skill that clearly stores and edits bookkeeping files for the stated purpose, with no evidence of hidden network access or destructive behavior.

Install only if you are comfortable keeping personal transaction history in local files. Choose or protect the data directory, avoid putting secrets in notes, set the correct timezone if you are not using Asia/Shanghai, and review entries when short messages could be ambiguous.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to invoke local Python scripts that read environment state and perform file reads/writes, but the metadata does not declare any corresponding permissions. This creates a capability-transparency gap: users and the platform may not realize the skill can persist and modify local financial records, increasing the risk of unexpected data access or tampering if the skill is triggered unintentionally.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill persistently stores personal financial data in local JSONL/Markdown files but does not clearly warn the user that sensitive spending history will be retained on disk. Because bookkeeping data can reveal habits, merchants, accounts, and timelines, silent retention increases privacy risk, especially on shared devices or synced home directories.

Natural-Language Policy Violations

Medium
Confidence
70% confidence
Finding
Defaulting all unspecified dates/times to Asia/Shanghai can cause incorrect timestamps for users in other regions, which may distort summaries, day/month boundaries, and audit history. In a financial-recording context, inaccurate temporal attribution can lead to misleading reports and mistaken corrections or reversions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default prompt is broad enough to trigger on generic finance-related requests such as summaries or corrections, which can cause the skill to be invoked when the user did not intend ledger operations. Because this skill performs local persistence and modifies personal bookkeeping data, accidental invocation can lead to unintended data creation, modification, or exposure of financial records.

VirusTotal

66/66 vendors flagged this skill as clean.
