ClawHub
Back to skill

Security audit

Ride Receipts

Security checks across malware telemetry and agentic risk

Overview

This skill performs the sensitive ride-receipt processing it describes, with clear local storage paths and user-confirmation guidance for Gmail and Gateway use.

Install only if you are comfortable letting it read ride receipts from the selected Gmail account, store raw receipt emails locally, and send those emails to your configured Gateway-backed model. Prefer a local or private Gateway, use a narrow date range, protect or delete the generated data files when finished, and do not enable the non-local Gateway override unless you trust that destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly exercises sensitive capabilities including shell execution, filesystem read/write, environment access, and network access, but it declares no explicit permissions. That creates a trust and review gap: operators may approve or invoke the skill without understanding that it pulls Gmail data, stores sensitive receipts locally, and transmits raw email content to a Gateway-backed model endpoint.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits full ride-receipt email data to an LLM gateway without any explicit user-facing warning or consent at the point of transfer. These emails can contain sensitive personal and financial information, so users may unknowingly disclose location history, payment details, and identifiers to another service, especially if the non-local override is enabled.

Ssd 3

Medium
Confidence
95% confidence
Finding
The code sends the entire email object to the model, not just the minimum fields required for extraction. Ride receipts commonly contain PII and sensitive metadata, so forwarding full contents increases privacy exposure and expands the blast radius if the gateway is compromised, logged, or misconfigured.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.