ledger cn

Security checks across malware telemetry and agentic risk

Overview

This ledger skill mostly matches its bookkeeping purpose, but it needs Review because broad activation and unsafe path handling could expose or write personal finance data outside the intended scope.

Install only if you are comfortable storing personal financial records locally. Use simple ledger names without slashes or path-like text, review any chart/output path before saving, and confirm any cloud or Feishu upload destination explicitly. Prefer an updated version that validates ledger names and narrows activation to clear bookkeeping requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to read local files from `~/.openclaw/skills_data/ledger/<账本名>/` and to inspect SQLite databases, but no explicit permission declaration is present. That creates an undeclared file-read capability, which weakens sandboxing and user consent boundaries and can expose local financial data if the skill is triggered unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation directs the agent to invoke local shell tools (`uv`, `python`, `sqlite3`) with user-influenced parameters such as ledger names, date ranges, and output paths. Even though examples are bookkeeping-related, allowing shell/CLI execution substantially broadens the attack surface to command injection, unsafe argument handling, unauthorized filesystem access, and execution of unintended local code.

Vague Triggers

High
Confidence
87% confidence
Finding
The trigger conditions include very broad keywords such as '账本', '结余', '画图', '同步', and '飞书', plus an instruction that the skill 'must' be used whenever such terms appear. Overbroad matching can cause accidental activation in unrelated conversations, leading to unnecessary file reads or command execution against sensitive local financial data.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Create a ledger
uv run python ~/.openclaw/skills/ledger/src/cli.py create --name 新账本

# List ledgers
uv run python ~/.openclaw/skills/ledger/src/cli.py list
```
Confidence
78% confidence
Finding
```bash
create --name 新账本
# List ledgers
uv run python ~/.openclaw/skills/ledger/src/cli.py list
# Show a ledger's date range (output format: start month, end month)
uv run python ~/.openclaw/skills/ledger/src/cli.py range --name 兔兔
# Example output: 2025-12 2026-03
```

VirusTotal

65/65 vendors flagged this skill as clean.