ClawHub
Back to skill

Security audit

家庭消费意图识别 V4

Security checks across malware telemetry and agentic risk

Overview

This is a local family finance tracker that stores sensitive records on disk, but the behavior is disclosed and fits the stated purpose.

Install only if you are comfortable keeping household expenses, income, savings goals, budgets, subscriptions, and family member profiles as local plaintext JSON files. Use it on a trusted device, review ambiguous natural-language actions before saving records, and remove the data directory when you no longer want the records retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes very broad everyday phrases such as 买, 消费, 花钱, and 预算, which can match ordinary conversation unrelated to deliberate skill use. Accidental invocation is risky here because the skill handles sensitive financial records and could misclassify text as expense, income, or budget operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The intent categories overlap substantially, with terms like 花了多少, 预算, 存钱, 想买, and 买 appearing across expense, budget, shopping, and savings contexts. Ambiguous routing can cause the wrong action or analysis to run, which is more dangerous in a finance skill because it may store incorrect records or reveal unintended summaries of private data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation advertises persistent storage of highly sensitive family financial information including income, spending, goals, subscriptions, and member profiles, but does not clearly warn about privacy, local exposure, or retention risks. On shared machines or insufficiently protected user environments, these files could be read by other local users, backups, or unrelated tools.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill stores raw financial conversation records, including free-form messages, amounts, categories, member identifiers, and timestamps, in plaintext JSON under the user's home directory. Even though this is local storage rather than exfiltration, it creates a privacy and confidentiality risk because sensitive household spending data is retained without consent, disclosure, access controls, minimization, or encryption.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill persistently writes highly sensitive financial profile data such as income, savings goals, subscriptions, and budgets to local JSON files without any visible notice or security protections. In the context of a family finance tool, these records can reveal household income patterns, obligations, priorities, and financial status if another local user, backup system, or compromised process accesses the files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.