openfinance

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a purpose-aligned OpenFinance querying helper, but users should understand that transaction queries involve sensitive financial data and a remote API.

Install only if you trust the OpenFinance API endpoint and understand that transaction queries and results may expose sensitive financial information to that service and to your agent session. Prefer narrow date ranges and limited account scopes, and avoid querying more transaction detail than needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to transmit highly sensitive banking data to a third-party API but does not provide any privacy warning, data handling notice, or consent guidance. In a finance-focused skill, this omission is security-relevant because users may unknowingly expose account balances and transaction histories without understanding retention, sharing, or compliance implications.

External Transmission

Medium
Category
Data Exfiltration
Content
Run a SQL SELECT against the `txns` CTE for aggregations, grouping, and analysis. The query runs read-only with a 5-second timeout and 1000-row limit.

```bash
curl -s -X POST "$BASE_URL/api/transactions/query" \
  -H "$AUTH_HEADER" \
  -H "Content-Type: application/json" \
  -d '{"sql": "SELECT SUM(amount), COUNT(*) FROM txns WHERE merchant_name ILIKE '\''%starbucks%'\''"}'
```
Confidence
92% confidence
Finding
curl -s -X POST "$BASE_URL/api/transactions/query" \ -H "$AUTH_HEADER" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
