Security audit

发票查验

Security checks across malware telemetry and agentic risk

Overview

This invoice-checking skill mostly does what it says, but it handles sensitive invoice data and includes an unsafe manual update path that can persistently overwrite agent skills.

Install only if you trust ClawMate with invoice contents, tax IDs, bank details, and API-key-backed usage. Use narrow invoice-only folders, review batch lists before validation, remove saved result Markdown files when no longer needed, and do not run the documented curl/unzip update command unless you can verify the downloaded ZIP through a trusted channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill requires environment access (`CLAWMATE_API_KEY`) and performs network operations against an external invoice-validation API, but it does not declare explicit permissions in a way that clearly informs the platform/user of these capabilities. This weakens security review and consent boundaries because a user may invoke a data-exporting skill without a clear permission prompt or audit signal.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The batch mode trigger includes broad everyday terms like '目录' (directory) and '文件夹' (folder) combined with invoice-related words, which increases the chance of accidental invocation. In this skill, accidental invocation is more concerning because execution can scan directories, process local files, and transmit invoice data externally.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that batch results are saved as a local Markdown file, but it does not clearly warn the user before writing potentially sensitive invoice details to disk. This creates a confidentiality risk because invoice metadata, tax IDs, bank details, and validation outcomes may persist locally beyond the session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends invoice data and possibly invoice files to an external API, but the description does not provide a strong privacy warning or explicit informed-consent flow. Because invoices often contain sensitive financial, tax, and banking information, undisclosed external transmission materially increases privacy and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
```
⚠️ Skill version is too old; run the following commands to update:

curl -o /tmp/cm-invoice-validate.zip https://www.clawmate.net/server/test/cm-invoice-validate.zip
mkdir -p ~/.agents/skills/cm-invoice-validate
unzip -o /tmp/cm-invoice-validate.zip -d ~/.agents/skills/cm-invoice-validate/
```
Confidence
93% confidence
Finding
curl -o /tmp/cm-invoice-validate.zip https://www.clawmate.net/server/test/cm-invoice-validate.zip mkdir -p ~/.agents/skills/cm-invoice-validate unzip -o /tmp/cm-invoice-validate.zip -d

Session Persistence

Medium
Category
Rogue Agent
Content
```
⚠️ Skill version is too old; run the following commands to update:

curl -o /tmp/cm-invoice-validate.zip https://www.clawmate.net/server/test/cm-invoice-validate.zip
mkdir -p ~/.agents/skills/cm-invoice-validate
unzip -o /tmp/cm-invoice-validate.zip -d ~/.agents/skills/cm-invoice-validate/
```
Confidence
88% confidence
Finding
mkdir -p ~/.agents/skills/cm-invoice-validate unzip -o /tmp/cm-invoice-validate.zip -d ~/.agents

VirusTotal

64 of 64 vendors rated this skill as clean.