Smart Finance Reimbursement Assistant (Finance Assistant)

Security checks across malware telemetry and agentic risk

Overview

This finance assistant is purpose-built to store and manage local invoice records, with no evidence of hidden code, malware, or unrelated data access, but users should treat its financial-file storage and sharing workflows carefully.

Install only if you are comfortable storing invoice originals and finance ledgers under ~/finance or a chosen local workspace. Before using it with real invoices, set a private storage location, review extracted fields before saving or sharing, confirm Feishu recipients and edit permissions, and enable the cron templates only if you want recurring jobs that read and update those records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill explicitly recommends using low-level system commands such as `cat` to read files when encountering encoding issues. That expands the agent's operational scope beyond structured file-reading APIs into general shell access, which increases the risk of command misuse, path expansion mistakes, and unauthorized access to other local files in a workflow handling sensitive financial data.

Description-Behavior Mismatch

Medium
Confidence: 82%
Finding
The skill's stated purpose is finance tracking, but it instructs the agent to proactively search for external information for further handling such as tax consultation. This broadens behavior from record management into open-ended research/actions, which can cause scope creep, unvetted data retrieval, and unintended disclosure of sensitive business context to external services.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill directs the agent to save invoice originals and write parsed details into finance records, but it does not require explicit confirmation, minimization, retention controls, or a warning that highly sensitive financial and tax data will be stored. In a multi-company finance context, this can lead to silent persistence of personal and corporate financial information on disk, increasing exposure if the workspace is shared or compromised.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs generating reimbursement documents, adding permissions, packaging them into a zip, and sending them in chat without any privacy or recipient-verification safeguards. Those actions can expose detailed financial records to unintended recipients or over-broaden document access, especially because reimbursement data may contain invoice images, company names, tax identifiers, and spending history.

VirusTotal

60/60 vendors flagged this skill as clean.
