ClawHub

Clawshier

Security checks across malware telemetry and agentic risk

Overview

Clawshier fits its receipt-to-Google-Sheets purpose, but it deserves Review because it sends sensitive receipt data to cloud services and can automatically delete or restructure spreadsheet tabs without a confirmation gate.

Install only with a dedicated empty Google spreadsheet shared narrowly with the service account. Do not point it at a spreadsheet that already contains important Sheet1 data. Use local OCR mode for images you do not want sent to OpenAI, but note that expense structuring still uses OpenAI outside test mode. Review the Sheet1 deletion behavior and consider changing it to verify emptiness or require confirmation before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description presents the capability as simple receipt processing and logging, but the instructions authorize broader side effects: duplicate checks against an existing spreadsheet, creation of multiple tabs, summary/chart generation, local trace-file writes, and deletion of the default Sheet1 tab. This mismatch can cause users to authorize the skill without understanding that it will materially modify spreadsheet structure and local state beyond adding one expense row.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README states that receipt and invoice images are sent to OpenAI by default for OCR, but it does not clearly warn users that potentially sensitive financial documents may be transmitted to a third-party cloud provider. In a receipt-processing skill, these images can contain names, addresses, payment details, and line-item purchases, so lack of explicit disclosure creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises logging extracted expense data to Google Sheets without clearly warning that financial data will be uploaded and persisted in a cloud spreadsheet. Because expense records may include merchant names, amounts, dates, tax details, and invoice metadata, users may unknowingly expose sensitive business or personal financial information to third-party storage.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README says the default "Sheet1" tab is deleted on first use, but it does not present this as a destructive action that could remove existing data if the user points the skill at a non-empty spreadsheet. While limited in scope, undocumented deletion behavior can cause accidental data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow modifies a user-controlled Google Sheets document and may remove the default Sheet1 tab without an explicit warning or confirmation. Deleting or restructuring spreadsheet tabs is a destructive action that can cause data loss or break existing workflows if the user did not intend to grant that level of modification.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This file sends full receipt/invoice image contents to external services: OpenAI in `ocrWithOpenAI`, and potentially any configured Ollama host in `ocrWithOllama`. Receipts commonly contain sensitive personal and financial data, and this code provides no in-file consent, disclosure, redaction, or host restrictions, so users may unknowingly transmit sensitive documents off-device or to a non-local endpoint.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The handler unconditionally deletes a sheet named "Sheet1" every time it runs. In a shared or preexisting spreadsheet, that can destroy legitimate user data without confirmation, creating an integrity and availability risk even if the intent is just cleanup of a default blank sheet.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The handler sends raw OCR receipt text directly to OpenAI, which can include sensitive financial and personal data such as merchant details, dates, line items, card fragments, addresses, or tax identifiers. In this file there is no consent, minimization, redaction, or local-only default before transmitting that data to a third-party API, so the privacy exposure is real even if the feature is intentional.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This code sends a receipt image to an OCR provider via runOcrWithProvider, and by default the skill description indicates that provider is OpenAI. Receipts and invoices commonly contain sensitive personal and financial data, so transmitting them to a third party without an explicit user-facing disclosure or consent mechanism creates a real privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal