ClawHub

Holded Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Holded ERP integration with powerful account access, but its behavior is purpose-aligned and requires explicit confirmation before writes.

Install only if you trust the external holded CLI and want an agent to operate your Holded ERP account. Use the least-privileged Holded API key available, review every proposed write command and payload carefully, and only confirm changes you fully understand, especially accounting, delete, or --skip-validation receipt actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The markdown instructs that timestamps must be in the Europe/Madrid timezone, which imposes a locale-specific behavior. The file does not clearly scope the skill to Spain-only operation or offer the user a timezone/locale choice, so this is a natural-language locale policy violation.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- Treat any `POST`, `PUT`, `PATCH`, or `DELETE` action as **write**.
- Treat any `GET` action (or `HEAD` when present) as **read**.
- Before any operation, always run `holded actions describe <action> --json` (after `holded actions list`) to validate accepted parameters.
- For purchase receipts, always enforce `docType=purchase` and include `"isReceipt": true` in the JSON body. Since holdedcli validates against Holded's schema (which doesn't include `isReceipt`), you **must** use `--skip-validation` flag.
- Ask for explicit user confirmation **every time** before any write action.
- Do not execute writes on ambiguous replies (`ok`, `go ahead`, `continue`) without clarification.
- Repeat the exact command before confirmation to avoid unintended changes.
Confidence
70% confidence
Finding
--skip-validation

Tool Parameter Abuse

High
Category
Tool Misuse
Content
1. Locate and validate the action.
2. Run `holded actions describe <action> --json` to verify required/optional parameters.
3. Prepare the final payload.
4. If creating a purchase receipt/ticket, verify `docType=purchase` and `"isReceipt": true`, and use `--skip-validation` flag.
5. Request mandatory confirmation.
6. Run the command after confirmation.
7. Report result (`status_code`, affected ID, API response).
Confidence
70% confidence
Finding
--skip-validation

Tool Parameter Abuse

High
Category
Tool Misuse
Content
holded actions run invoice.create-document \
  --path docType=purchase \
  --body '{"isReceipt": true, "date": 1770764400, "contactId": "<contactId>", "items": [{"name": "Description", "units": 1, "subtotal": 29.4, "tax": 0}]}' \
  --skip-validation \
  --json
```
Confidence
70% confidence
Finding
--skip-validation

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```

**Important notes:**
- Use `--skip-validation` flag because holdedcli validates against Holded's schema which doesn't include `isReceipt`.
- Use `subtotal` in items (not `price`) - this is the field name Holded's API expects.
- Timestamps must be in seconds (Unix epoch) and in **Europe/Madrid timezone**.
Confidence
70% confidence
Finding
--skip-validation

Unsafe Defaults

Medium
Category
Tool Misuse
Content
- Treat any `POST`, `PUT`, `PATCH`, or `DELETE` action as **write**.
- Treat any `GET` action (or `HEAD` when present) as **read**.
- Before any operation, always run `holded actions describe <action> --json` (after `holded actions list`) to validate accepted parameters.
- For purchase receipts, always enforce `docType=purchase` and include `"isReceipt": true` in the JSON body. Since holdedcli validates against Holded's schema (which doesn't include `isReceipt`), you **must** use `--skip-validation` flag.
- Ask for explicit user confirmation **every time** before any write action.
- Do not execute writes on ambiguous replies (`ok`, `go ahead`, `continue`) without clarification.
- Repeat the exact command before confirmation to avoid unintended changes.
Confidence
80% confidence
Finding
skip-validation

Unsafe Defaults

Medium
Category
Tool Misuse
Content
1. Locate and validate the action.
2. Run `holded actions describe <action> --json` to verify required/optional parameters.
3. Prepare the final payload.
4. If creating a purchase receipt/ticket, verify `docType=purchase` and `"isReceipt": true`, and use `--skip-validation` flag.
5. Request mandatory confirmation.
6. Run the command after confirmation.
7. Report result (`status_code`, affected ID, API response).
Confidence
80% confidence
Finding
skip-validation

Unsafe Defaults

Medium
Category
Tool Misuse
Content
holded actions run invoice.create-document \
  --path docType=purchase \
  --body '{"isReceipt": true, "date": 1770764400, "contactId": "<contactId>", "items": [{"name": "Description", "units": 1, "subtotal": 29.4, "tax": 0}]}' \
  --skip-validation \
  --json
```
Confidence
80% confidence
Finding
skip-validation

Unsafe Defaults

Medium
Category
Tool Misuse
Content
```

**Important notes:**
- Use `--skip-validation` flag because holdedcli validates against Holded's schema which doesn't include `isReceipt`.
- Use `subtotal` in items (not `price`) - this is the field name Holded's API expects.
- Timestamps must be in seconds (Unix epoch) and in **Europe/Madrid timezone**.
Confidence
80% confidence
Finding
skip-validation

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal