yoooclaw-expense-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill appears useful for spending summaries, but it can read broad notification history that may include sensitive financial and personal messages without clear scope or consent controls.

Install only if you are comfortable with the agent reading notification history to answer spending questions. Use explicit requests with a narrow time range and source scope, and avoid vague prompts if you do not want private notifications searched.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases include very broad everyday terms such as “花了多少 / 花销 / 消费 / 账单 / 开销 / 支出,” which can cause the skill to activate on loosely related conversations. Because the skill then reads notification data to answer, accidental activation increases the chance of unnecessary access to sensitive financial and message metadata.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill explicitly instructs the agent to locate and process the user's full notification storage, which can contain highly sensitive financial, personal, and communication data, but it does not present any user-facing privacy warning, scope limitation, or consent flow. This makes overcollection and unexpected disclosure more likely, especially since the skill processes all notifications first and filters afterward.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal