Security audit

LedgerAI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward LedgerAI bookkeeping API helper, but it sends signup emails and financial payloads to an external provider, so users should treat submitted data as sensitive.

Install only if you are comfortable sharing invoices, receipts, expense data, reports, invoice URLs, and an optional signup email with the LedgerAI/Voss Consulting Group API. Use a dedicated API key, avoid environments where stderr is widely logged, and review the provider’s privacy and retention terms before sending confidential financial records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises shell-based actions via curl examples but does not declare any permissions, creating a mismatch between documented behavior and the security model. This can mislead operators and users about the skill's ability to make network requests and may allow sensitive bookkeeping data or credentials to be sent externally without clear authorization boundaries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill processes invoices, receipts, expenses, and reports, all of which commonly contain highly sensitive financial and personal data, yet it provides no warning that this information is sent to a third-party service. Users may unknowingly transmit confidential documents, tax identifiers, vendor details, or transaction records to an external API without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends caller-supplied JSON payloads to remote LedgerAI endpoints for invoice, expense, and report actions without any explicit disclosure, confirmation, or data minimization. In a bookkeeping skill, these payloads are likely to contain highly sensitive financial or personal data, so silent transmission increases privacy and data-handling risk even if the behavior is functionally expected.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
When no API key is present, the script automatically POSTs the user's email address to a remote signup endpoint to obtain a free key, without prior notice or consent. Email addresses are personal data, and this auto-enrollment behavior creates privacy and account-linkage risk, especially because it happens implicitly based on environment variables.

External Transmission

Medium
Category
Data Exfiltration
Content
Set `LEDGERAI_API_KEY` or `LEDGERAI_EMAIL` for auto-signup (free, no credit card).

```bash
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"you@example.com"}'
```

## Usage
Confidence
89% confidence
Finding
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"you@example.com"}' ``` ## Usage ```bash curl -X POST https://anton.vosscg.com/v1/invoices/process \

VirusTotal

66/66 vendors flagged this skill as clean.