ClawHub

个人财务管理助手

Security checks across malware telemetry and agentic risk

Overview

The core script appears local and user-directed, but the skill also describes scheduled Feishu delivery of personal finance reports while claiming offline processing.

Install only if you intend to use it for local CSV analysis and are comfortable reviewing the instructions first. Treat any Feishu or scheduled-report setup as sensitive: enable it only deliberately, check exactly what report content is sent, and use masked account data whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes reading CSV inputs and writing categorized output files, which are effective file read/write capabilities, but no corresponding permissions are declared. This creates a transparency and policy gap: users and the host may not understand that local financial records will be accessed and written, increasing the risk of unintended data exposure or overbroad execution.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill claims offline/no-network processing, but later defines scheduled Feishu report delivery, which necessarily transmits financial information off-device. This contradiction can mislead users into trusting the skill with sensitive bank data under false assumptions about data locality and network use.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation advertises privacy protection via account masking, yet the required CSV schema asks for raw account_number input before any masking occurs. For a personal-finance skill, this mismatch is risky because users may provide full banking identifiers believing the tool inherently protects them end-to-end.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The scheduled Feishu report feature describes automatic delivery of personal financial reports without any visible warning that sensitive spending, income, or account-derived data may leave the local device. In the context of a finance assistant handling bank statements, silent or under-disclosed outbound sharing materially increases confidentiality risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal