ClawHub

AccountingOnFeishu

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu bookkeeping helper, but it handles sensitive financial records and receipt images, so users should review its access carefully.

Install only if you trust the skill to access and modify the Feishu accounting table you provide. Confirm the target table during setup, review OCR-extracted receipt entries before batch writing, and protect or delete the local config file because it can contain table identifiers and bookkeeping metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrase "我要记账" is broad enough to match ordinary conversation, which can cause the skill to trigger in contexts where the user did not clearly intend to invoke bookkeeping actions. In a finance-related skill, accidental activation is risky because it may prompt access to prior accounting data or start creating records based on ambiguous user input.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using the generic trigger "记账" for image-based receipt processing is ambiguous and can be invoked unintentionally during normal chat around photos or expenses. Because this flow performs OCR and may batch-write extracted transaction items to Feishu, an accidental trigger could expose sensitive purchase details or create unwanted financial records.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README says the skill will automatically read an existing accounting table to learn user habits, but it does not clearly warn users that prior financial records and category history will be accessed. In the context of personal finance, this is sensitive data, so silent or under-disclosed ingestion increases privacy and consent risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The receipt flow describes OCR and batch writing of line items to Feishu without a clear warning that receipt images and extracted transaction details may be processed and persisted. Receipt images often contain highly sensitive information such as merchants, timestamps, locations, partial payment details, and lifestyle patterns, making undisclosed OCR processing a meaningful privacy issue.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises broad natural-language triggers such as '这个月花了多少' and '我要记账', which increases the chance of accidental invocation during ordinary conversation. In a finance-integrated skill, unintended activation can lead to unwanted reads or writes against the user's Feishu bookkeeping data, making the overbroad trigger surface a real security and safety issue rather than a purely UX concern.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly persists app_token, table_id, field mappings, and category data into a local config.json, but the documentation does not warn the user that sensitive workspace metadata and access tokens will be stored locally. If the local environment is shared or compromised, those persisted credentials could enable unauthorized access to the user's accounting table and financial metadata.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The learning flow instructs the skill to read both table schema and up to 20 existing accounting records from the user's Feishu table to infer habits, but it does not clearly warn about the scope of data access or obtain explicit informed consent for sampling historical financial entries. Because accounting records can reveal spending patterns, merchants, and personal circumstances, this omission creates a meaningful privacy risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The receipt workflow downloads user images and sends them to an external vision/OCR tool, but the skill text does not provide a clear warning that receipt contents may be processed outside the immediate chat context. Receipts often contain sensitive financial and location data such as merchant names, timestamps, line items, and sometimes partial payment information, so undisclosed third-party or external processing materially raises privacy exposure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal