receipt-expense-workbench

Security checks across malware telemetry and agentic risk

Overview

This skill is a local receipt and invoice organizer that can create expense CSVs, with no hidden networking, credential use, or background behavior found.

Install this only if you want help organizing receipts, invoices, or reimbursement data. Treat source documents and generated CSVs as sensitive financial records, provide only the needed fields, use explicit input and output paths, and review the ledger before submitting or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares a local Python script that can read inputs and generate CSV outputs, implying file read/write capability, but it does not declare permissions or clearly communicate that filesystem access may occur. In a skill handling receipts and invoices, this increases risk because users may provide sensitive financial documents without understanding how local files are accessed or written.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill processes receipts, reimbursement slips, invoices, merchant names, and project codes, all of which may contain sensitive financial or personal data, yet it provides no warning about privacy, redaction, retention, or safe handling. Users may paste OCR text or documents containing tax IDs, addresses, account details, or other regulated information without being prompted to minimize or sanitize that data.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "整理发票" is very generic and can easily match normal user requests about organizing receipts rather than an intentional invocation of this specific skill. Broad activation phrases increase the chance of unintended skill routing, which can cause the agent to apply this workflow in contexts where the user did not explicitly request it.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The phrase "报销单汇总" is ambiguous because it describes a common business task without uniquely identifying this skill or its boundaries. If used as a trigger, it may cause accidental invocation during ordinary reimbursement discussions, leading to incorrect workflow selection or unintended processing of financial documents.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "做费用台账" is overly broad and overlaps with everyday accounting or spreadsheet assistance requests. This weak specificity makes unintentional activation more likely, which is risky in a finance-related skill because it may steer the agent into structured expense processing when the user wanted general advice or ad hoc help.

VirusTotal

64/64 vendors flagged this skill as clean.
