ClawHub

invoice-qr-scanner

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for invoice QR automation, but it can send stored company, tax, banking, phone, and email details to QR-derived websites without a mandatory approval gate.

Install only if you are comfortable with the agent reading stored invoice details and using them in browser forms. Before use, require the agent to show the decoded domain, verify it is a trusted invoice site, display every field to be submitted, and get explicit approval before clicking submit; avoid storing bank account details in memory unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the skill automatically reads company and contact data from MEMORY.md, including tax ID, bank account, phone, and email, without documenting consent, minimization, or user confirmation. In this skill context, that is especially risky because the data is then used to populate external invoice systems, increasing the chance of unintended disclosure of sensitive business and financial information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README describes a workflow that opens a QR-derived invoice URL and proceeds through filling and submitting a form, but it does not warn that this triggers external navigation and a real-world submission action. Because QR content may point to third-party or attacker-controlled destinations, automatic navigation and submission in this context can cause unintended data transfer, phishing exposure, or fraudulent invoice requests.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to trigger on generic invoice-processing requests, not just QR decoding. In this context, that increases the chance the agent will autonomously navigate to external billing systems and process sensitive company/contact data when the user may not have intended full form submission automation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow includes populating and submitting forms with sensitive company and contact information, but it does not require a clear user-facing warning or consent gate before submission. In a skill that automates browser actions against external invoice systems, this creates a real risk of unintended disclosure, incorrect submission, or privacy harm.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to update persistent memory with invoice header and contact details, including tax IDs, addresses, phone numbers, bank names, and bank account numbers, without a clear disclosure or consent mechanism. Persistent storage of this concentration of financial and contact data materially raises privacy and data-retention risk, especially if memory is later reused in other contexts or exposed inadvertently.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal