发票识别 (Invoice Recognition)

Security checks across malware telemetry and agentic risk

Overview

The skill matches its invoice-OCR purpose, but it needs review because it recommends collecting cloud AccessKey secrets in chat and uploads invoice files to Alibaba Cloud.

Install only if you are comfortable sending selected invoice files to Alibaba Cloud OCR. Use a dedicated least-privilege RAM AccessKey for OCR, avoid pasting the secret into chat, configure it locally instead, protect or delete config.json after use, choose a narrow invoice-only folder, and monitor Alibaba Cloud usage charges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs behaviors that require reading invoice files, writing Excel output, and making network calls to Alibaba Cloud OCR, but it does not declare corresponding permissions. Missing permission declarations reduce transparency and can bypass policy or user expectations about what the skill will access and transmit. In this context, the risk is elevated because invoice contents are typically sensitive financial documents and are sent to a third-party cloud API.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly tells the agent to proactively ask the user for Alibaba Cloud AccessKey ID and AccessKey Secret, but does not warn that these are highly sensitive long-lived credentials that can grant broader cloud access than intended. Collecting secrets through conversational flow increases the chance of accidental retention, logging, disclosure, or misuse by the agent or surrounding platform.

Missing User Warnings

High
Confidence
99% confidence
Finding
The recommended setup path asks the user to directly provide cloud credentials and presents this as the recommended option, while the safer self-configuration path is secondary. This ordering and wording normalize unsafe secret handling and materially increase the likelihood that privileged cloud keys are exposed in plaintext to the agent environment or logs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly instructs users to send raw invoice images and credential-authenticated requests to a third-party OCR endpoint, but it does not warn that invoices commonly contain sensitive personal and financial data. In this skill’s context, that omission is meaningful because the skill is designed for batch processing and even encourages collecting AccessKey credentials from users, increasing the chance of unintentional disclosure of regulated or confidential data to a remote service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends raw invoice file contents to Alibaba Cloud OCR over the network, but the user-facing workflow does not clearly warn that potentially sensitive financial documents will leave the local machine and be processed by a third-party service. Because invoices commonly contain names, tax IDs, account details, addresses, and transaction data, this creates a meaningful privacy and compliance risk if users assume the tool is local-only.

Ssd 3

High
Confidence
99% confidence
Finding
The skill repeatedly instructs the agent to proactively solicit cloud access credentials in plain language. This is dangerous because users may hand over powerful secrets in an insecure conversational context, enabling account compromise, unauthorized API usage, billing abuse, and access beyond the OCR service if the keys are overprivileged.

VirusTotal

49/49 vendors flagged this skill as clean.
