Receipt Word Tool

Security checks across malware telemetry and agentic risk

Overview

This is a local receipt-image OCR tool that generates Word reimbursement documents, with some security caveats around model downloads and automatic file opening.

Install only if you are comfortable processing receipt images locally with EasyOCR and potentially downloading OCR model files on first use. Prefer normal TLS downloads or verified offline model files; avoid using --ssl-no-revoke unless you understand the reduced certificate-checking protection. Review generated amounts before reimbursement use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The OCR reader is lazily initialized in a way that triggers an automatic EasyOCR model download on first use, but this network behavior is not clearly declared or gated by explicit user consent. In a desktop batch-processing tool that handles receipts, unexpected outbound network access can violate user expectations, break offline/privacy assumptions, and introduce supply-chain risk if remote artifacts are fetched at runtime.

Context-Inappropriate Capability

Low
Confidence: 79%
Finding
The tool automatically opens the generated .docx using the OS file association via os.startfile(), which launches an external application without an explicit second user action. While the file path is user-chosen and the content is generated locally, auto-launching external handlers increases attack surface and can produce surprising execution chains if the associated application has risky add-ins, macros, or shell integration.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document explicitly instructs users to pass curl's `--ssl-no-revoke`, which disables certificate revocation checks, but it does not warn that this weakens TLS validation and can increase exposure to man-in-the-middle attacks when a certificate has been revoked. In the context of downloading executable model artifacts from the internet, this lowers transport security for files the tool will later trust and load.

VirusTotal

64/64 vendors flagged this skill as clean.
