Accounting Assistant

Security checks across malware telemetry and agentic risk

Overview

This accounting skill is mostly related to bookkeeping, but it includes under-disclosed invoice-generation scripts with hard-coded business and bank details and command behavior that can write financial files unexpectedly.

Review the scripts before running them on real business records. Replace all embedded company, tax, and bank details before generating invoices, avoid running the documented DATEV command against an existing bookkeeping file, and treat all tax/accounting outputs as drafts that need professional review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises executable workflows that read files, write output files, and invoke shell commands, but it does not declare any permissions for those capabilities. This undermines transparent consent and security review because users and platforms cannot accurately assess the skill’s access to local financial documents and generated accounting exports.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding:
The documented purpose focuses on bookkeeping automation, but the broader behavior includes invoice/document generation and handling of company banking and legal invoice metadata that are not clearly disclosed. This mismatch is dangerous because users may expose sensitive business identity, banking, and billing data to functionality they did not knowingly authorize or review.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill processes sensitive financial records such as receipts, tax data, and accounting exports, yet the description lacks warnings about confidentiality, data handling, and the risks of generating or exporting regulated financial information. In this context, omission of such warnings increases the chance of unsafe use, accidental disclosure, or improper handling of tax-relevant records.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The function returns a text_preview containing the first 200 characters of extracted invoice text, and the CLI later prints the full JSON results. Invoice text commonly contains sensitive financial and personal data, so exposing even a preview without masking or consent can leak confidential information to logs, terminals, or downstream tools.

VirusTotal

66/66 vendors flagged this skill as clean.
