算盘

Security checks across malware telemetry and agentic risk

Overview

This bookkeeping helper is coherent, but it can execute persistent financial record changes and deletions without clear confirmation safeguards.

Install only if you are comfortable reviewing each suanpan command before it runs. Require explicit confirmation for add, update, remove, import, account, category, and tag changes, keep backups of the finance database, and avoid the curl-to-bash installer unless you inspect or pin the downloaded script first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The referenced document expands the skill from bookkeeping/query/statistics command generation into higher-risk management operations such as account/category/tag mutation and file import. In an agent setting, this broadens the action surface beyond the manifest’s stated scope, increasing the chance that a natural-language request is translated into destructive or privacy-impacting commands the user did not expect.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description is broad enough to match many ordinary finance-related conversations, which can cause the skill to activate when the user did not explicitly intend CLI command generation or execution. In this skill's context, unintended activation is risky because the skill is designed to construct operational finance commands, including account queries and state-changing bookkeeping actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation includes destructive operations such as `suanpan remove <短ID>` without requiring explicit confirmation, preview, or warning about irreversible effects. In a skill that translates natural language into commands, this increases the chance that an ambiguous request or mistaken ID results in unintended deletion of financial records.

Missing User Warnings

Medium
Confidence: 98%
Finding
The installation instructions recommend piping a remotely fetched script directly into `bash`, which executes unreviewed code from the network immediately. If the source is compromised, intercepted, or updated maliciously, users could run arbitrary commands on their systems with no inspection step.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation exposes a destructive deletion command (`suanpan remove`) without any warning that records may be permanently deleted or guidance to verify IDs before execution. In an agent skill that converts natural-language finance requests into CLI actions, this increases the chance that a user or model issues an irreversible delete based on ambiguous intent or the wrong short ID, causing loss of accounting data.

External Script Fetching

Low
Category
Supply Chain
Content
### Quick install (recommended)
```bash
curl -sSL https://raw.githubusercontent.com/yinguobing/suanpan/main/install.sh | bash
```

### Build from source
Confidence: 99%
Finding
curl -sSL https://raw.githubusercontent.com/yinguobing/suanpan/main/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Quick install (recommended)
```bash
curl -sSL https://raw.githubusercontent.com/yinguobing/suanpan/main/install.sh | bash
```

### Build from source
Confidence: 99%
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.
